EUVD-2026-12109CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3Description
IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling of the ticket parameter provided to the collaboration endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-25440.
Analysis
IceWarp collaboration platform contains an unauthenticated directory traversal vulnerability that allows remote attackers to read sensitive files from the server. The flaw exists in HTTP request handling, enabling access to configuration files, user data, and potentially email contents stored on the server.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all IceWarp deployments and assess network exposure; isolate affected systems or restrict network access if business-critical. Within 7 days: Implement WAF rules to block directory traversal patterns targeting IceWarp; apply network segmentation to limit lateral movement if compromise occurs. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today