CVE-2026-1330: CWE-36 Absolute Path Traversal in HAMASTAR Technology MeetingHub
MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
AI Analysis
Technical Summary
CVE-2026-1330 is an Absolute Path Traversal vulnerability (CWE-36) found in MeetingHub, a product developed by HAMASTAR Technology. This vulnerability allows unauthenticated remote attackers to perform arbitrary file reads by manipulating file path inputs to traverse directories and access files outside the intended directory scope. The flaw arises from insufficient validation of user-supplied file path parameters, enabling attackers to specify absolute paths to sensitive system files. The vulnerability has a CVSS 4.0 base score of 8.7, indicating high severity, with an attack vector of network (AV:N), no required privileges (PR:N), no user interaction (UI:N), and high impact on confidentiality (VC:H). The integrity and availability impacts are none, but the confidentiality breach can expose critical system information such as configuration files, credentials, or logs. No patches are currently available, and no exploits have been observed in the wild. However, the vulnerability's characteristics make it highly exploitable remotely without authentication, posing a significant risk to affected systems. MeetingHub versions labeled '0' are affected, which likely refers to initial or early releases. The vulnerability was published on January 22, 2026, by TW-CERT. The lack of authentication and user interaction requirements increases the attack surface, making it a prime target for attackers seeking to gather intelligence or prepare for further attacks.
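The validation gap described above, shown as an added example (not MeetingHub code and not from the vendor): a filter that only strips '../' passes an absolute path through unchanged, while a resolver that rejects absolute inputs and checks containment on the canonical path does not. The function names and the temporary base directory are assumptions made for illustration.

```python
import os
import tempfile


def naive_resolve(base_dir, user_path):
    """Insufficient check: strips '../' but ignores absolute paths."""
    cleaned = user_path.replace("../", "")
    # os.path.join discards base_dir when the second argument is absolute
    return os.path.join(base_dir, cleaned)


def safe_resolve(base_dir, user_path):
    """Return the canonical path inside base_dir, or raise ValueError."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    normalized = user_path.replace("\\", "/")
    # Reject POSIX absolute paths, UNC paths and Windows drive letters.
    # Any name with ':' in second position is refused (conservative).
    if normalized.startswith("/") or normalized[1:2] == ":":
        raise ValueError("absolute path not allowed")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, normalized))
    # Containment on the canonical path also catches '..' and symlinks
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory")
    return candidate


if __name__ == "__main__":
    base = tempfile.mkdtemp()  # stands in for the application's file root
    for requested in ["minutes/2026-01.pdf", "/etc/passwd", "../../etc/passwd"]:
        print("naive:", naive_resolve(base, requested))
        try:
            print("safe: ", safe_resolve(base, requested))
        except ValueError as exc:
            print("safe:  rejected,", exc)
```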
Potential Impact
For European organizations, this vulnerability poses a serious risk of unauthorized disclosure of sensitive information stored on MeetingHub servers. Exposure of configuration files, credentials, or internal documentation could facilitate further attacks such as privilege escalation, lateral movement, or data exfiltration. Organizations relying on MeetingHub for internal communications or meetings may suffer confidentiality breaches, undermining trust and compliance with data protection regulations like GDPR. Critical infrastructure sectors using MeetingHub could face increased risk of espionage or sabotage. The ease of exploitation without authentication means attackers can target exposed MeetingHub instances directly from the internet or internal networks, increasing the likelihood of compromise. The absence of known exploits in the wild currently provides a window for proactive mitigation, but the high CVSS score and vulnerability nature suggest rapid weaponization is possible. Overall, the impact includes loss of confidentiality, potential regulatory penalties, reputational damage, and operational disruption.
Mitigation Recommendations
1. Immediately restrict network access to MeetingHub interfaces to trusted internal networks or VPNs to reduce exposure.
2. Monitor network traffic and logs for suspicious file access attempts or unusual path traversal patterns.
3. Implement web application firewalls (WAFs) with rules to detect and block path traversal payloads targeting MeetingHub.
4. Enforce strict input validation and sanitization on file path parameters to prevent traversal sequences (e.g., '../').
5. Apply the official security patch from HAMASTAR Technology as soon as it becomes available.
6. Conduct a thorough audit of MeetingHub deployments to identify all exposed instances and prioritize remediation.
7. Limit file system permissions of the MeetingHub application to the minimum necessary to prevent access to sensitive files.
8. Educate IT and security teams about this vulnerability and update incident response plans to include potential exploitation scenarios.
9. Consider isolating MeetingHub servers in segmented network zones to contain potential breaches.
10. Regularly update and patch all related software components to reduce the attack surface.
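One way to carry out the log monitoring in recommendation 2, as an added example that is not part of the original advisory: decode each query parameter until it stops changing, then flag values that are absolute paths or contain '..' segments. The log lines are constructed, and the /files/download endpoint and "path" parameter are hypothetical placeholders, not MeetingHub's real interface.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample (combined log format); endpoint and parameter are hypothetical
SAMPLE_LOG = """\
203.0.113.7 - - [22/Jan/2026:09:01:12 +0000] "GET /files/download?path=agenda.pdf HTTP/1.1" 200 48211
203.0.113.9 - - [22/Jan/2026:09:02:40 +0000] "GET /files/download?path=%2Fetc%2Fpasswd HTTP/1.1" 200 1843
198.51.100.4 - - [22/Jan/2026:09:03:05 +0000] "GET /files/download?path=C%3A%5CWindows%5Cwin.ini HTTP/1.1" 200 92
198.51.100.4 - - [22/Jan/2026:09:03:09 +0000] "GET /files/download?path=%252e%252e%252fweb.config HTTP/1.1" 404 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')
# Absolute path (POSIX root, UNC, drive letter) or a '..' path segment
SUSPICIOUS = re.compile(r'^(?:/|\\\\|[A-Za-z]:[\\/])|(?:^|[\\/])\.\.(?:[\\/]|$)')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded input is matched."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_suspicious(log_text):
    """Return (client_ip, status, parameter, decoded_value) for each hit."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            value = fully_decode(raw)
            if SUSPICIOUS.search(value):
                hits.append((ip, int(status), name, value))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

Hits answered with status 200 deserve the first look, since they indicate the server returned content. Limit the check to parameters that carry file names, because parameters that legitimately hold URL paths will also match.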
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: twcert
- Date Reserved: 2026-01-22T07:56:34.132Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6971e4f04623b1157c560bfc
Added to database: 1/22/2026, 8:50:56 AM
Last enriched: 1/22/2026, 9:05:22 AM
Last updated: 2/6/2026, 1:43:51 AM