External risk intelligence

Daktronics Controller Firmware Directory Traversal Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.3)

CVE-2026-28701

The vulnerability affects Daktronics controller firmware, which is typically used in industrial and signage control systems. While these devices operate over a network, they are generally deployed within internal or isolated operational technology networks rather than being directly exposed to the public internet.

Halo Surface Signal: 3 out of 5 — possibly public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability involves Daktronics controller firmware, potentially allowing unauthorized access to file system information. The primary concern is to determine if this technology is in use and if it is exposed to potential risks.

  • Unauthorized file access in controller firmware.
  • Important for operational technology systems.
  • Confirm relevance and identify exposure.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by reaching the Daktronics controller firmware remotely, without needing any prior authentication or access. This exposure allows them to navigate beyond the intended directory, potentially accessing and enumerating arbitrary files on the system. When this capability is supported, it could lead to significant information disclosure or further system compromise.

  • Remote unauthenticated access required.
  • Directory traversal to enumerate files.
  • Sensitive information disclosure risk.

Live Threat

Current exploitation, exposure, and threat context

When supported by the advisory, authenticated and unauthenticated remote users could escape the intended directory and enumerate arbitrary file system paths on Daktronics Controller Firmware.

  • Arbitrary file system paths could be exposed.
  • Directory traversal could lead to enumeration.
  • Sensitive information disclosure may occur.

Operational Fix

Recommended remediation, mitigation, and detection steps

The Daktronics Controller Firmware vulnerability requires immediate attention from teams responsible for operational technology (OT) and industrial control systems (ICS). The first practical step is to identify all instances of this firmware within the environment, determine their network reachability, and assess their criticality to business operations. Once identified, the accountable owner must be located to plan a remediation strategy based on the assessed risk and potential impact.

  • Assign ownership to OT/ICS teams.
  • Verify firmware deployment and network exposure.
  • Plan risk-based remediation actions.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Daktronics Controller Firmware?

This firmware is the embedded software that runs controllers for industrial signage and large-format digital displays. These components serve as the bridge between management systems and the physical displays, enabling the hardware to process commands and render visual content.

What does CVE-2026-28701 mean for this software?

CVE-2026-28701 represents a path traversal vulnerability, classified as CWE-22. It occurs when software fails to properly sanitize user input, allowing an attacker to navigate outside of designated, restricted directories. In this case, the flaw allows unauthorized users to interact with files and folders on the system that should remain inaccessible, potentially leading to unauthorized data exposure.

How can an attacker trigger this vulnerability?

An attacker triggers this bug by sending specially crafted requests to the controller firmware over the network. Crucially, the vulnerability does not require the attacker to have an existing account or password to interact with the device. Conversely, the bug is not triggered by normal, authorized administrative tasks that remain within the intended file system boundaries.

Is my Daktronics device at risk if it is on an internal network?

According to Halo Surface Signal, while these devices function over a network, they are typically deployed within isolated operational technology environments. Because the vulnerability is remotely accessible, the primary risk involves unauthorized users gaining access to these internal network segments. If the device is not reachable from the public internet, the practical risk is generally lower than for internet-facing systems.

Do I need to act immediately on CVE-2026-28701?

Yes, you should prioritize identifying where this firmware is deployed within your infrastructure. The first step is to catalog your Daktronics assets, determine which devices are running the affected firmware, and verify their current network accessibility. Once you have identified the impacted hardware, coordinate with the operational technology or industrial control system teams to assess the business impact and prepare for necessary updates.

References