CVE-2026-2464 | THREATINT

Description

Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The service is accessible without authentication and runs with elevated privileges, amplifying the impact of the vulnerability. An attacker can exploit this condition to access sensitive and privileged files on the system using path traversal payloads. Successful exploitation of this vulnerability could lead to the unauthorized disclosure of internal system information, compromising the confidentiality of the affected environment.

PUBLISHED Reserved 2026-02-13 | Published 2026-02-18 | Updated 2026-02-18 | Assigner INCIBE

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status

unaffected

1.01

affected

Credits

Daniel Damota Maldonado finder

References

www.incibe.es/...ectory-traversal-amr-printer-management-amr patch

cve.org (CVE-2026-2464)

nvd.nist.gov (CVE-2026-2464)

Download JSON