Strix
26.1K

CVE-2026-2753

HIGHCVSS 7.5/10EPSS 0.45%

Last modified

CVE-2026-2753 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. EPSS estimates a 0.45% chance of exploitation in the next 30 days.

Description

An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful exploitation allows the attacker to retrieve arbitrary files from the underlying filesystem, limited only by the privileges of the service process. This can lead to the exposure of sensitive configuration files and system information.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
0.45%

36.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
NavtorNavbox Firmware>= 4.12.0.3, < 4.14.1.2

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2026-2753?
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful exploitation allows the attacker to retrieve arbitrary files from the underlying filesystem, limited only by the privileges of the service process. This can lead to the exposure of sensitive configuration files and system information.
How severe is CVE-2026-2753?
CVE-2026-2753 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.45% probability of exploitation in the next 30 days.
How do I fix CVE-2026-2753?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-2753?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST