Garmin WDU Symlink Attack Vulnerability Allowing Arbitrary File Retrieval

Vulnerability

A symlink attack vulnerability has been identified in the locally served web site on Garmin WDU versions 1 1.4.6 and 2 5.0. The web server follows symlinks contained in uploaded graphics packages without any restriction on the link targets, which enables the retrieval of arbitrary files from the device.
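
The missing restriction described above amounts to a containment check on the resolved link target. The following is an added example, not Garmin's code or the fix shipped in the update: it assumes an uploaded package that has already been unpacked to a directory, and all function names, file names and the sample package are constructed for illustration.

```python
import os
import tempfile

def _within(root_real, path_real):
    # True when path_real is root_real itself or lies beneath it.
    return os.path.commonpath([root_real, path_real]) == root_real

def resolve_inside(root, rel_path):
    """Serve-time check: real path of rel_path if it stays under root, else None."""
    root_real = os.path.realpath(root)
    # realpath follows every symlink in the chain, so the decision is made
    # on the final target, not on the name the client asked for.
    candidate = os.path.realpath(os.path.join(root_real, rel_path))
    return candidate if _within(root_real, candidate) else None

def escaping_symlinks(root):
    """Upload-time check: package-relative symlinks that resolve outside root."""
    root_real = os.path.realpath(root)
    found = []
    for dirpath, dirnames, filenames in os.walk(root_real, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) and not _within(root_real, os.path.realpath(full)):
                found.append(os.path.relpath(full, root_real))
    return sorted(found)

def build_sample_package(base):
    """Constructed sample: a real image, an internal link and an escaping link."""
    pkg = os.path.join(base, "package")
    os.makedirs(os.path.join(pkg, "img"))
    with open(os.path.join(pkg, "img", "logo.png"), "wb") as f:
        f.write(b"constructed image bytes")
    outside = os.path.join(base, "device_config.txt")  # stands in for a device file
    with open(outside, "w") as f:
        f.write("constructed secret")
    os.symlink("logo.png", os.path.join(pkg, "img", "alias.png"))
    os.symlink(outside, os.path.join(pkg, "img", "leak.png"))
    return pkg

def demo():
    with tempfile.TemporaryDirectory() as base:
        pkg = build_sample_package(base)
        served = {p: resolve_inside(pkg, p) is not None
                  for p in ("img/logo.png", "img/alias.png", "img/leak.png",
                            "../device_config.txt")}
        return escaping_symlinks(pkg), served

if __name__ == "__main__":
    print(demo())
```

A check followed by a separate open can still race if package contents can change after validation; rejecting every symlink at upload time, or opening files with O_NOFOLLOW, closes that gap.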

Impact

Exploitation of this vulnerability allows for unauthorized access to arbitrary files on the device.

Remediation

Users can update to Garmin WDU version 7.00, released on April 2, 2026, which addresses this vulnerability.

Added: May 13, 2026, 9:40 PM
Updated: May 13, 2026, 9:40 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.5
remediation: 0.0
relevance: 8.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.