CVE-2024-26291 – Avid NEXIS Unauthenticated Arbitrary File Read Vulnerability

CVE ID : CVE-2024-26291

Published : July 14, 2025, 9:15 a.m. | 1 hour, 14 minutes ago

Description : The Application is vulnerable to an Unauthenticated Arbitrary File Read. This affects the
Agent installed on Linux and Windows alike. The parameter filename does not validate the
path thus allowing users to read arbitrary files. As
the application runs with the highest privileges (root/NT_AUTHORITY SYSTEM)
by default attackers are able to obtain sensitive information.

This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance (SDA+): before 2025.5.1.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…