CVE-2026-6074
9.8 CRITICALIntrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint u...
Published: 2026-04-23 · Last updated: 2026-06-04
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-35
Description
Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended directory.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-40128 — SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that man... (9.0 CRITICAL)
- CVE-2026-24315 — SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened ... (4.2 MEDIUM)
- CVE-2026-45661 — Dokploy is a free, self-hostable Platform as a Service (PaaS) (9.9 CRITICAL)
- CVE-2026-44933 — `PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard config... (7.8 HIGH)
- CVE-2026-45495 — Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (8.8 HIGH)