CVE-2026-6074

CRITICAL

Path traversal: '.../...//' in Intrado 911 Emergency Gateway (EGW)

Title source: cna

Description

Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended directory.

References (2)

Core 2

Core References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-06.json

View Writeup ZIP pw:eip

Government Resource government-resource

https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-06

Scores

CVSS v3 9.8

EPSS 0.0055

EPSS Percentile 41.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-35

Status published

Products (3)

Intrado/911 Emergency Gateway Versions 5.x

Intrado/911 Emergency Gateway Versions 6.x

Intrado/911 Emergency Gateway Versions 7.x

Published Apr 23, 2026

Tracked Since Apr 24, 2026