Report an incident
Back
  • About us
  • For experts
Report an incident
About us
About our team Contact
Baza wiedzy
Fałszywe inwestycje Uważaj na fałszywe sklepy online (Nie)bezpieczne płatności Fałszywi konsultanci Zadbaj o bezpieczne hasła i logowanie Fałszywe załączniki w mailach Fałszywe prośby o szybki przelew Fałszywe SMSy - plaga ostatnich miesięcy Bezpieczny telefon
Biuletyn OUCH!
Porady bezpieczeństwa OUCH!
Tools
n6 Artemis MWDB
CVD program
CVD policy Advisories

Vulnerability in Golem OEE MES software
11 June 2026 | CERT Polska | #vulnerability, #warning, #cve
CVE ID CVE-2026-8464
Publication date 11 June 2026
Vendor Neuron Soft
Product Golem OEE MES
Vulnerable versions All before 11.6.0
Vulnerability type (CWE) Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Report source Report to CERT Polska

Description

CERT Polska has received a report about vulnerability in Neuron Soft Golem OEE MES software and participated in coordination of its disclosure.

The vulnerability CVE-2026-8464: Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. This vulnerability allows an attacker in the same local network to read arbitrary files from the server's operating system by manipulating HTTP request paths.

This issue has been fixed in version 11.6.0

Credits

We thank Karol Królak (securitum.pl) for the responsible vulnerability report.

More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.