CVE-2026-6074 CRITICAL

CVE-2026-6074: Path traversal: '.../...//' in Intrado 911 Emergency Gateway (EGW)

Vendor Intrado
Product 911 Emergency Gateway
Weakness CWE-35
Published April 23, 2026
Last update June 4, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended directory.

Key dates

02Disclosure timeline

April 23, 2026 CVE published
June 4, 2026 Record updated