ZDI 2026-04-15

ZDI-26-272: ATEN Unizon RpcProvider Missing Authentication Denial-of-Service Vulnerability

CVE-2026-5057

Machine-generated analysis · WAYSCloud LLM

The vulnerability affects ATEN Unizon's RpcProvider component and can be exploited without authentication to trigger a denial-of-service condition.

Context

The affected product is ATEN Unizon, specifically its RpcProvider component. The vulnerability is a missing authentication issue that allows remote attackers to cause a denial-of-service condition. The advisory notes that no authentication is required to exploit the vulnerability. The assigned CVSS score is 7.5, indicating a medium to high severity impact based on the stated exploit conditions.

Operator considerations

Check: Identify systems running ATEN Unizon with the RpcProvider component exposed to untrusted networks.

From Zero Day Initiative ↗

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ATEN Unizon. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2026-5057.

Read the full advisory on ZDI →