CVE-2026-1523: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in PRIMION DIGITEK Digitek ADT1100
Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server's file system, that is, 'http://<host>/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd'. By manipulating the input to include URL-encoded directory traversal sequences (e.g., %2F representing /), an attacker can bypass the input validation mechanisms and retrieve sensitive files outside the intended directory, which could lead to information disclosure or further system compromise.
AI Analysis
Technical Summary
CVE-2026-1523 is a path traversal vulnerability classified under CWE-22, found in all versions of PRIMION DIGITEK's Digitek ADT1100 and DT950 products. The vulnerability arises from improper limitation of pathname inputs, allowing attackers to manipulate URL-encoded directory traversal sequences (e.g., '%2F' representing '/') to escape the intended directory context. By crafting HTTP requests containing sequences like '..%2F..%2F..%2Fetc%2Fpasswd', an attacker can retrieve arbitrary files from the server's filesystem. This bypasses input validation mechanisms that should restrict file access to a designated directory. The vulnerability requires no authentication or user interaction and can be exploited remotely over the network, increasing its risk profile. The CVSS 4.0 vector (AV:N/AC:L/AT:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N) reflects a high impact on confidentiality with low attack complexity and no privileges required. Although no exploits are currently known in the wild, the ease of exploitation and potential for sensitive data exposure make this a critical issue. The affected devices are often used in access control and security management, increasing the potential impact of unauthorized file access. The lack of available patches at the time of disclosure necessitates immediate mitigation steps to reduce exposure.
Potential Impact
For European organizations, this vulnerability poses a significant risk of unauthorized disclosure of sensitive files, including configuration files, credentials, or other critical data stored on the affected devices. Such exposure could facilitate further attacks, including privilege escalation or lateral movement within networks. Organizations in sectors such as government, critical infrastructure, manufacturing, and building security that deploy PRIMION DIGITEK devices for access control or security monitoring are particularly vulnerable. The compromise of these devices could undermine physical security controls and lead to broader operational disruptions. Additionally, the ability to remotely exploit this vulnerability without authentication increases the attack surface, especially if devices are accessible from less secure network segments or the internet. The potential impact extends beyond confidentiality to operational integrity if attackers leverage disclosed information to disrupt or manipulate device functions.
Mitigation Recommendations
Immediate mitigation should focus on network-level controls: restrict access to Digitek ADT1100 and DT950 devices to trusted internal networks and management stations only, using firewalls and network segmentation. Implement strict ingress filtering to prevent unauthorized external access. Monitor device logs and network traffic for suspicious requests containing directory traversal patterns or unusual file access attempts. Until official patches are released, consider deploying web application firewalls (WAFs) or intrusion prevention systems (IPS) with custom rules to detect and block URL-encoded traversal sequences targeting these devices. Review and harden device configurations to minimize exposed services and disable unnecessary features. Engage with PRIMION DIGITEK for patch availability and apply updates promptly once released. Conduct security awareness training for administrators managing these devices to recognize exploitation indicators. Finally, perform regular vulnerability assessments and penetration tests focusing on these devices to identify and remediate exposure.
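One way to implement the log monitoring recommended above, as an added example that is not part of the original advisory or any vendor tooling: it decodes each request path repeatedly, so double-encoded forms such as `%252F` are caught as well, and flags any path containing a `..` segment. The Common Log Format input (for instance from a reverse proxy in front of the device), the function names and the sample lines are assumptions.

```python
import re
from urllib.parse import unquote

# Assumption: Common Log Format, e.g. from a reverse proxy in front of the device.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:[A-Z]+) (\S+) [^"]*"')
MAX_DECODE_ROUNDS = 3  # assumption: covers single, double and triple encoding


def decode_fully(target: str) -> str:
    """Percent-decode repeatedly until the string stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def has_traversal(target: str) -> bool:
    """True if the decoded request path contains a '..' segment."""
    path = decode_fully(target.split("?", 1)[0]).replace("\\", "/")
    return ".." in path.split("/")


def scan(log_lines):
    """Return (client, raw_target) for each request whose path traverses upward."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if m and has_traversal(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits


# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Feb/2026:13:45:27 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Feb/2026:13:46:02 +0000] "GET /..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843',
    '198.51.100.7 - - [05/Feb/2026:13:46:09 +0000] "GET /..%252F..%252Fetc%252Fpasswd HTTP/1.1" 404 0',
    '192.0.2.10 - - [05/Feb/2026:13:47:11 +0000] "GET /docs/v1..2/notes.txt HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for client, target in scan(SAMPLE_LOG):
        print(f"traversal attempt from {client}: {target}")
```

Matching on whole `..` path segments after decoding, rather than on the raw substring `..%2F`, avoids both missed double-encoded requests and false positives on names like `v1..2`.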
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: INCIBE
- Date Reserved: 2026-01-28T10:54:43.233Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69849ef7f9fa50a62f23a794
Added to database: 2/5/2026, 1:45:27 PM
Last enriched: 2/5/2026, 1:59:31 PM
Last updated: 3/22/2026, 6:32:43 PM