CVE-2026-7036
Published: 26 April 2026
Summary
CVE-2026-7036 is a high-severity Path Traversal (CWE-22) vulnerability in Tenda I9 Firmware. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 46.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents path traversal exploitation by validating inputs to the R7WebsSecurityHandlerfunction in the HTTP Handler, blocking malicious path manipulations.
Requires timely flaw remediation such as firmware patching for Tenda i9 1.0.0.5(2204), eliminating the root cause of the vulnerability.
Boundary protection mechanisms like web application firewalls can inspect and block path traversal attempts in unauthenticated remote HTTP requests to the affected component.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal vulnerability (CWE-22) in the public-facing HTTP handler of Tenda i9 router firmware enables remote unauthenticated exploitation of a public-facing application to access unintended files.
NVD Description
A vulnerability was identified in Tenda i9 1.0.0.5(2204). This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be…
more
used.
Deeper analysisAI
CVE-2026-7036 is a path traversal vulnerability (CWE-22) in Tenda i9 firmware version 1.0.0.5(2204). It affects the R7WebsSecurityHandlerfunction within the HTTP Handler component. Published on 2026-04-26, the issue has a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), reflecting its network-based exploitability without authentication or user interaction.
Remote attackers can exploit this vulnerability over the network with no privileges required. By manipulating inputs to the HTTP Handler, they can traverse paths to access unintended files, achieving limited impacts on confidentiality (C:L), integrity (I:L), and availability (A:L).
Advisories and details are documented on VulDB (https://vuldb.com/vuln/359616, https://vuldb.com/vuln/359616/cti, https://vuldb.com/submit/798479), a GitHub repository (https://github.com/Litengzheng/vuldb_new/blob/main/M3/vul_80/README.md), and the Tenda vendor site (https://www.tenda.com.cn/). Security practitioners should consult these for any recommended patches or mitigations.
The exploit is publicly available, raising concerns for potential active use against unpatched Tenda i9 devices.
Details
- CWE(s)