GN-SA-2026-001: Genian NAC — Remote Code Execution (RCE) Vulnerability

Date

  • July 07, 2026

CVSS V4.0 score

  • 7.7

Severity

  • High

Description

A ZIP Slip-based Remote Code Execution (RCE) vulnerability, caused by insufficient validation in the agent upgrade feature, has been discovered, and a security update has been released. Users of affected versions are advised to update to the latest version.

  • Remote Code Execution (RCE) via ZIP Slip and missing permission validation in AgentUpgrade (CVE-2026-XXXX)

Affected Versions

  • Genian NAC 4.0.175 Release (below Revision 148817)
  • Genian NAC 5.0.65 LTS Release (below Revision 148816)
  • Genian NAC 5.0.75 LTS Release (below Revision 148815)
  • Genian NAC 5.0.85 Release (below Revision 148814)
  • Genian NAC 5.0.86 Release (below Revision 148813)
  • Genian ZTNA 6.0.26 LTS Release (below Revision 148811)
  • Genian ZTNA 6.0.35 LTS Release (below Revision 148810)
  • Genian ZTNA 6.0.45 Release (below Revision 148809)
  • Genian ZTNA 6.0.46 Release (below Revision 148807)

Solution

The vulnerabilities included in this advisory can be resolved by updating to the following versions:

  • Genian NAC 4.0.175 Release (Revision 148817 or later)
  • Genian NAC 5.0.65 LTS Release (Revision 148816 or later)
  • Genian NAC 5.0.75 LTS Release (Revision 148815 or later)
  • Genian NAC 5.0.85 Release (Revision 148814 or later)
  • Genian NAC 5.0.86 Release (Revision 148813 or later)
  • Genian ZTNA 6.0.26 LTS Release (Revision 148811 or later)
  • Genian ZTNA 6.0.35 LTS Release (Revision 148810 or later)
  • Genian ZTNA 6.0.45 Release (Revision 148809 or later)
  • Genian ZTNA 6.0.46 Release (Revision 148807 or later)

Workaround

  • None