Advisory ID      Severity  Release Date   Reported By          CVE ID
HSVD-2026-0013   High      June 18, 2026  External submission  N/A

Overview

Hillstone HSM contains an arbitrary file write vulnerability. The vulnerability exists because the system does not strictly validate or restrict user-supplied file paths and content. An attacker can craft malicious requests to write files to arbitrary locations on the server. Upon successful exploitation, an attacker may upload malicious scripts, tamper with system configuration files, or implant backdoor programs, which can in turn lead to remote control of the server, disclosure of sensitive data, or compromise of the business system. In severe cases, control of the entire platform may be lost.

Affected Products & Fix Versions

PRODUCT  AFFECTED VERSIONS               FIX VERSION
HSM5.X   Versions prior to HSM5.6.13.1   HSM5.6.13.1

Remediation & Mitigation

  • Upgrade HSM to the fix version, HSM5.6.13.1.
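
To decide which deployments need the upgrade, the following added example (not Hillstone code) triages reported version strings against the affected range in this advisory. It assumes versions are reported as an optional "HSM" prefix followed by dotted integers; the host names and inventory are constructed sample data, and anything that does not parse is flagged for manual review rather than treated as safe.

```python
import re

# Fix version taken from this advisory: HSM5.6.13.1
FIXED = (5, 6, 13, 1)

# Assumed format: optional "HSM" prefix, then dotted integers, nothing else.
_VERSION_RE = re.compile(r"^\s*(?:HSM)?(\d+(?:\.\d+)*)\s*$", re.IGNORECASE)


def parse_version(text):
    """Return the version as a tuple of ints, or None if it does not parse."""
    m = _VERSION_RE.match(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def _pad(version, length):
    """Right-pad with zeros so 5.6.13 compares as 5.6.13.0."""
    return version + (0,) * (length - len(version))


def triage(text):
    """Classify a version: affected, not-affected, out-of-scope or unknown."""
    v = parse_version(text)
    if v is None:
        return "unknown"        # suffixes, typos, empty fields: review by hand
    if v[0] != 5:
        return "out-of-scope"   # the advisory lists only the HSM5.X line
    n = max(len(v), len(FIXED))
    return "affected" if _pad(v, n) < _pad(FIXED, n) else "not-affected"


def needs_attention(inventory):
    """Hosts that are affected or whose version could not be determined."""
    return sorted(h for h, ver in inventory.items()
                  if triage(ver) in ("affected", "unknown"))


# Constructed sample inventory (host name -> reported version string).
INVENTORY = {
    "hsm-lab-01": "HSM5.6.13.1",
    "hsm-dc-02": "HSM5.6.12",
    "hsm-dc-03": "5.6.13",
    "hsm-br-04": "HSM5.7.0",
    "hsm-old-05": "HSM4.9.2",
    "hsm-x-06": "HSM5.6.13.1-beta",
}

if __name__ == "__main__":
    for host in needs_attention(INVENTORY):
        print(host, INVENTORY[host], triage(INVENTORY[host]))
```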

Contact & Reporting

For technical support and detailed remediation guidance, contact Hillstone Networks support at +1-800-930-6707.

To report security issues in Hillstone products, email PSIRT@hillstonenet.com. Hillstone follows responsible disclosure principles and applicable regulations when handling product security incidents.

Legal notice — Without written authorization from Hillstone Networks, no organization or individual may modify, excerpt, or disseminate the content of this advisory for commercial purposes.