Main Vulnerability Database Vulnerabilities #VU123322

Path traversal in IceWarp - CVE-2026-2493

Published: February 27, 2026

Vulnerability identifier: #VU123322

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2026-2493

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IceWarp

Affected software:
IceWarp

Detailed vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within handling of the ticket parameter provided to the collaboration endpoint. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

How to mitigate CVE-2026-2493

Install updates from vendor's website.

Sources

https://www.zerodayinitiative.com/advisories/ZDI-26-130/

Path traversal in IceWarp - CVE-2026-2493

Detailed vulnerability description

How to mitigate CVE-2026-2493

Sources

Please verify you're human