Vulnerability Description
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful exploitation allows the attacker to retrieve arbitrary files from the underlying filesystem, limited only by the privileges of the service process. This can lead to the exposure of sensitive configuration files and system information.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://cydome.io/vulnerability-advisory-cve-2026-2753-in-navtor-navbox-version-
- https://www.navtor.com/navtor-vendor-statement
FAQ
What is CVE-2026-2753?
CVE-2026-2753 is a vulnerability with a CVSS score of 7.5 (HIGH). An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can...
How severe is CVE-2026-2753?
CVE-2026-2753 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-2753?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.