The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0 matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-35080 is a critical file deletion vulnerability affecting the ugw-restoreinfo method that allows authenticated attackers to remove arbitrary files from affected systems. The vulnerability stems from insufficient validation of user-controlled input, meaning an attacker with basic user privileges can manipulate parameters to specify any file path for deletion rather than only intended restoration files. This matters because file deletion can lead to system instability, data loss, denial of service, or destruction of evidence—making it particularly dangerous in environments where file integrity is essential for compliance, operations, or forensic purposes. Organizations running systems with vulnerable ugw-restoreinfo implementations are at risk, especially those where user account compromise or insider threats are concerns.
While this CVE currently maps to zero Casky skills and lacks MITRE ATT&CK technique classifications, Claude AI-powered detection would focus on identifying the underlying attack patterns: suspicious file deletion operations initiated through web service methods (Impact: Data Destruction), excessive or unusual file path parameters in API calls, and patterns of privilege escalation from user-level access to system file modification capabilities. A practitioner using Casky would observe findings flagging unexpected deletions of system or application-critical files, anomalous restoreinfo method calls with directory traversal patterns (../ sequences), and logs showing authenticated users performing file operations outside their normal behavioral baseline—all indicators that input validation controls have been bypassed.
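The log check described above, as an added example that is not Casky's or the vendor's code: it flags ugw-restoreinfo calls whose path argument resolves outside the restore directory, including double-encoded traversal. The JSON log layout, the `file` parameter name and the `/var/lib/ugw/restore` directory are assumptions made for illustration; the page does not document them.

```python
import json
import posixpath
from urllib.parse import unquote

# Assumed for illustration (not from the advisory): log layout, "file" param, this directory.
RESTORE_ROOT = "/var/lib/ugw/restore"
METHOD = "ugw-restoreinfo"

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded separators are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def resolve(value, root=RESTORE_ROOT):
    """Return the path a server would act on if it joined value to root."""
    cleaned = fully_decode(value).replace("\\", "/")
    return posixpath.normpath(posixpath.join(root, cleaned))

def escapes_root(value, root=RESTORE_ROOT):
    resolved = resolve(value, root)
    return not (resolved == root or resolved.startswith(root + "/"))

def flag_restoreinfo_calls(lines, root=RESTORE_ROOT):
    """Return (user, raw value, resolved path) for calls that leave root."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except ValueError:
            continue  # not a JSON event; ignore
        if not isinstance(event, dict) or event.get("method") != METHOD:
            continue
        value = str((event.get("params") or {}).get("file", ""))
        if escapes_root(value, root):
            findings.append((event.get("user"), value, resolve(value, root)))
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '{"user":"alice","method":"ugw-restoreinfo","params":{"file":"backup-01.cfg"}}',
    '{"user":"bob","method":"ugw-restoreinfo","params":{"file":"../../../etc/app.conf"}}',
    '{"user":"bob","method":"ugw-restoreinfo","params":{"file":"%252e%252e%252f%252e%252e%252ftmp/x"}}',
    '{"user":"carol","method":"ugw-status","params":{}}',
    '{"user":"dave","method":"ugw-restoreinfo","params":{"file":"/var/log/audit.log"}}',
]
```

The same containment test (`escapes_root`) is what a server-side fix would apply before acting on the path, so detection and validation stay consistent.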
© 2026 Casky.AI, Inc. · AI Security Investigation