Reconnecting to live updates…

CVE-2026-1186: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in ABC PRO SP. Z O.O. EAP Legislator

High

VulnerabilityCVE-2026-1186cve cve-2026-1186 cwe-22

Published: Mon Feb 02 2026 (02/02/2026, 13:59:56 UTC)

Source: CVE Database V5

Vendor/Project: ABC PRO SP. Z O.O.

Product: EAP Legislator

Description

EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive (default file type used by the Legislator application) and choose arbitrary path outside the intended directory (e.x. system startup) where files will be extracted by the victim upon opening the file. This issue was fixed in version 2.25a.

Technical Details

Data Version: 5.2
Assigner Short Name: CERT-PL
Date Reserved: 2026-01-19T13:17:10.720Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 6980b180f9fa50a62f4545f1

Added to database: 2/2/2026, 2:15:28 PM

Last updated: 2/2/2026, 2:15:44 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

CVE-2026-1761: Stack-based Buffer Overflow in Red Hat Red Hat Enterprise Linux 10

High

VulnerabilityMon Feb 02 2026

CVE-2026-1760: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in Red Hat Red Hat Enterprise Linux 10

Medium

VulnerabilityMon Feb 02 2026

CVE-2026-24071: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition in Native Instruments Native Access

High

VulnerabilityMon Feb 02 2026

CVE-2026-24070: CWE-426 Untrusted Search Path in Native Instruments Native Access

Critical

VulnerabilityMon Feb 02 2026

CVE-2025-8587: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in AKCE Software Technology R&D Industry and Trade Inc. SKSPro

High

VulnerabilityMon Feb 02 2026

Actions

Please log in to the Console to use AI analysis features.

External Links

NVD Database MITRE CVE Reference 1 Reference 2 Search on Google

Need more coverage?

Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

CVE-2026-1186: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in ABC PRO SP. Z O.O. EAP Legislator

CVE-2026-1186: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in ABC PRO SP. Z O.O. EAP Legislator

Description

Technical Details

Community Reviews

Related Threats

CVE-2026-1761: Stack-based Buffer Overflow in Red Hat Red Hat Enterprise Linux 10

CVE-2026-1760: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in Red Hat Red Hat Enterprise Linux 10

CVE-2026-24071: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition in Native Instruments Native Access

CVE-2026-24070: CWE-426 Untrusted Search Path in Native Instruments Native Access

CVE-2025-8587: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in AKCE Software Technology R&D Industry and Trade Inc. SKSPro

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility