AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesApril 23, 2026CVE-2024-7399

Summary

Samsung MagicINFO 9 Server has a path traversal vulnerability (a flaw that lets attackers access files outside intended directories) that could allow an attacker to write arbitrary files with system-level permissions. This vulnerability is actively being exploited in real attacks. Organizations using this product must take action by May 8, 2026.

Solution / Mitigation

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. See https://security.samsungtv.com/securityUpdates for vendor guidance.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 71.0%

Patch Available

Yes

Exploit Maturity

🔥 Actively Exploited

Disclosure Date

April 23, 2026

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-22 CWE-434

CAPEC (Attack Pattern)

CAPEC-1 CAPEC-126

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-7399

First tracked: April 24, 2026 at 02:00 PM

Classified by LLM (prompt v3) · confidence: 95%