| Advisory ID | Severity | Release Date | Reported By | CVE ID |
| HSVD-2026-0012 | Medium | June 18, 2026 | External submission | N/A |
Overview
Hillstone HSM contains an arbitrary file deletion vulnerability. The vulnerability exists because the system does not properly validate user-supplied file names. An attacker could delete files with specific permissions on the server, which may lead to system outage, data loss, or even complete service unavailability.
Affected Products & Fix Versions
| PRODUCT | AFFECTED VERSIONS | FIX VERSION |
|---|---|---|
| HSM5.X | Versions prior to HSM5.6.13.1 | HSM5.6.13.1 |
Remediation & Mitigation
- Repair by upgrading the version.
Contact & Reporting
For technical support and detailed remediation guidance, contact Hillstone Networks support at +1-800-930-6707.
To report security issues in Hillstone products, email PSIRT@hillstonenet.com. Hillstone follows responsible disclosure principles and applicable regulations when handling product security incidents.
Legal notice — Without written authorization from Hillstone Networks, no organization or individual may modify, excerpt, or disseminate the content of this advisory for commercial purposes.
Recent Comments