Path Traversal in EAP Legislator_CVE-2026-1186

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L

Description

EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive (default file type used by the Legislator application) and choose arbitrary path outside the intended directory (e.x. system startup) where files will be extracted by the victim upon opening the file.
This issue was fixed in version 2.25a.

Basic Information

ID CVE-2026-1186

Source CERT-PL

Published Feb 2, 2026 at 13:59

Affected Product

Vendor ABC PRO SP. Z O.O.

Product EAP Legislator

Affected Versions ABC PRO SP. Z O.O. EAP Legislator 0

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive (default file type used by the Legislator application) and choose arbitrary path outside the intended directory (e.x. system startup)\u00a0where files will be extracted by the victim upon opening the file.\nThis issue was fixed in version 2.25a.",
    "published": "2026-02-02T13:59:56.671Z",
    "modified": "2026-02-02T13:59:56.671Z",
    "type": "cve",
    "title": "Path Traversal in EAP Legislator",
    "source": "CERT-PL",
    "references": "https://abcpro.pl/eap-legislator\nhttps://cert.pl/posts/2026/02/CVE-2026-1186",
    "id": "CVE-2026-1186",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "ABC PRO SP. Z O.O. EAP Legislator 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EAP Legislator",
    "version": "0",
    "vendor": "ABC PRO SP. Z O.O.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}