Main Vulnerability Database Vulnerabilities #VU123322

#VU123322 Path traversal in IceWarp - CVE-2026-2493

Published: February 27, 2026

Vulnerability identifier: #VU123322

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2026-2493

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
IceWarp

Software vendor:
IceWarp

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within handling of the ticket parameter provided to the collaboration endpoint. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Remediation

Install updates from vendor's website.

External links

https://www.zerodayinitiative.com/advisories/ZDI-26-130/

#VU123322 Path traversal in IceWarp - CVE-2026-2493

Description

Remediation

External links

Please verify you're human