CVE-2026-2753

EPSS 0.45%
Veröffentlicht 06.03.2026 15:16:11
Zuletzt bearbeitet 05.06.2026 16:40:37
Quelle 56a186b1-7f5e-4314-ba38-38d549
CVE-Watchlists
Login
Unerledigt
Login

An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful exploitation allows the attacker to retrieve arbitrary files from the underlying filesystem, limited only by the privileges of the service process. This can lead to the exposure of sensitive configuration files and system information.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Navtor ≫ Navbox Firmware Version >= 4.12.0.3 < 4.14.1.2

Navtor ≫ Navbox Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.45%	0.357

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
56a186b1-7f5e-4314-ba38-38d5499fccfd	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-36 Absolute Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

https://cydome.io/vulnerability-advisory-cve-2026-2753-in-navtor-navbox-version-4-12-0-3

Third Party Advisory

https://www.navtor.com/navtor-vendor-statement

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-2753

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-2753

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-2753

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-2753