CVE-2026-6074

Summary

Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended directory.

Affected Software

VendorProductVersion RangeStatus
Intrado911 Emergency GatewayVersions 7.xaffected
Intrado911 Emergency GatewayVersions 6.xaffected
Intrado911 Emergency GatewayVersions 5.xaffected

Weaknesses

  • CWE-35: CWE-35 Path traversal: '…/…//'

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References