CVE-2026-6074
published 2026-04-23CVE-2026-6074: Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint used for Debug Logs…
PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.55%
42.0th percentile
Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal vulnerability in the download_debuglog_file.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended directory.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intrado | 911_emergency_gateway | — | — |
| intrado | 911_emergency_gateway | — | — |
| intrado | 911_emergency_gateway | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7v49-538c-cx3p: A path traversal condition in Intrado 911 Emergency Gateway could allow an attacker with existing network access the ability to access the EGW managem
ghsa_unreviewed·2026-04-23
CVE-2026-6074 [CRITICAL] CWE-35 GHSA-7v49-538c-cx3p: A path traversal condition in Intrado 911 Emergency Gateway could allow an attacker with existing network access the ability to access the EGW managem
A path traversal condition in Intrado 911 Emergency Gateway could allow an attacker with existing network access the ability to access the EGW management interface without authentication. Successful exploitation of this vulnerability could allow a user to read, modify, or delete files.
VulDB
Intrado 911 Emergency Gateway 5.x/6.x/7.x EGW Management Interface path traversal (icsa-26-113-06)
vuldb·2026-04-23·CVSS 9.3
CVE-2026-6074 [CRITICAL] Intrado 911 Emergency Gateway 5.x/6.x/7.x EGW Management Interface path traversal (icsa-26-113-06)
A vulnerability was found in Intrado 911 Emergency Gateway 5.x/6.x/7.x and classified as critical. This affects an unknown function of the component EGW Management Interface. The manipulation results in path traversal: '.../...//'.
This vulnerability is reported as CVE-2026-6074. The attack can be launched remotely. No exploit exists.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-23
Published