Skip to main content

Estima

1 CVEs product

Monthly

CVE-2026-7185 MEDIUM PATCH This Month

Path traversal in the T-Systems TAO 2.0 suite - spanning Archivo, MyTAO, Estima, and BuroWeb - allows an authenticated low-privileged attacker to escape the application's intended file scope via crafted paths submitted to web-based file management or upload features, yielding high confidentiality impact. The CVSS 4.0 vector confirms network accessibility with low privileges required and an additional attack prerequisite (AT:P), tempering the otherwise straightforward exploitation profile. A vendor patch is available per INCIBE advisory; no public exploit code or CISA KEV listing has been identified at time of analysis.

Path Traversal Archivo Mytao Estima Buroweb
NVD
CVSS 4.0
6.0
EPSS
0.3%
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Path traversal in the T-Systems TAO 2.0 suite - spanning Archivo, MyTAO, Estima, and BuroWeb - allows an authenticated low-privileged attacker to escape the application's intended file scope via crafted paths submitted to web-based file management or upload features, yielding high confidentiality impact. The CVSS 4.0 vector confirms network accessibility with low privileges required and an additional attack prerequisite (AT:P), tempering the otherwise straightforward exploitation profile. A vendor patch is available per INCIBE advisory; no public exploit code or CISA KEV listing has been identified at time of analysis.

Path Traversal Archivo Mytao +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy