CVE-2026-1186 in EAP Legislator

Summary

by MITRE • 02/02/2026

EAP Legislator is vulnerable to Path Traversal in file extraction functionality. An attacker can prepare a zipx archive (the default file type used by the Legislator application) and choose an arbitrary path outside the intended directory (e.g. system startup) where files will be extracted by the victim upon opening the file. This issue was fixed in version 2.25a.


Analysis

by VulDB Data Team • 02/03/2026

The vulnerability identified as CVE-2026-1186 affects the EAP Legislator application, which is designed for handling legislative documents and related files. This software processes various file formats including zipx archives, which are the default file type used by the application for document management. The vulnerability stems from insufficient input validation within the file extraction functionality of the application, creating a path traversal condition that allows malicious actors to manipulate the extraction process.

The technical flaw manifests when the application processes zipx archives without proper sanitization of file paths contained within these archives. An attacker can craft a malicious zipx file containing specially constructed file paths that, when extracted by the victim application, will write files to arbitrary locations on the victim's system. This includes potentially critical system directories or startup locations, allowing for unauthorized file placement and execution. The vulnerability specifically enables attackers to bypass normal directory boundaries and write files outside the intended extraction directory, effectively creating a path traversal attack vector.

The operational impact of this vulnerability is significant as it allows for privilege escalation and persistent compromise of systems running the affected EAP Legislator application. When a victim opens a malicious zipx archive, the application automatically extracts files to the specified paths without proper validation, potentially placing malicious executables or configuration files in system startup directories. This creates opportunities for initial access persistence and can be leveraged for further exploitation. The vulnerability affects any system where the application processes untrusted zipx archives, making it particularly dangerous in environments where users frequently open downloaded documents.

The fix implemented in version 2.25a addresses this vulnerability by introducing proper input validation and path sanitization within the file extraction process. This includes implementing strict checks on file paths contained within zipx archives to ensure they remain within the intended directory boundaries. The update likely incorporates directory traversal prevention mechanisms that reject or normalize file paths containing relative path components such as ".." or absolute paths starting with "/". This remediation aligns with security best practices for file handling and follows the principle of least privilege by ensuring file operations occur only within designated safe directories.
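As an added illustration of the check the fix paragraph describes (this is not the vendor's code; the zipx format is stood in for by a standard zip built in memory with Python's zipfile module, and the entry names are constructed), a validator that rejects every archive entry whose path would escape the extraction directory, and an extractor that applies it before writing anything:

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path, PurePosixPath


def is_safe_member(name: str, dest_dir: str) -> bool:
    """True only if the archive entry would land inside dest_dir.

    Rejects absolute paths, Windows drive prefixes and any '..' component,
    then confirms by resolving the joined path against the destination.
    """
    normalised = name.replace("\\", "/")  # zip stores '/', but be strict
    pure = PurePosixPath(normalised)
    if pure.is_absolute() or (len(normalised) > 1 and normalised[1] == ":"):
        return False
    if ".." in pure.parts:
        return False
    dest = Path(dest_dir).resolve()
    target = (dest / normalised).resolve()
    return target == dest or dest in target.parents


def safe_extract(archive_bytes: bytes, dest_dir: str) -> list[str]:
    """Extract only validated members; return the names that were rejected."""
    rejected = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_member(info.filename, dest_dir):
                rejected.append(info.filename)
                continue
            zf.extract(info, dest_dir)
    return rejected


def build_sample_archive() -> bytes:
    """Constructed fixture: one benign entry plus two entries that escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/bill.txt", "benign content")
        zf.writestr("../../escaped.txt", "relative traversal")
        zf.writestr("/tmp/escaped.txt", "absolute path")
    return buf.getvalue()


def demo() -> tuple[list[str], bool]:
    """Extract the fixture into a scratch dir; report rejections and success."""
    with tempfile.TemporaryDirectory() as dest:
        rejected = safe_extract(build_sample_archive(), dest)
        written = os.path.isfile(os.path.join(dest, "docs", "bill.txt"))
    return rejected, written
```

The final `resolve()` comparison is the guard that matters: it also catches escapes built from symlinks already present in the destination, which a purely textual ".." check would miss.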

This vulnerability maps to CWE-22 Path Traversal and can be categorized under ATT&CK technique T1059 Command and Scripting Interpreter for potential execution of malicious code placed through the traversal. The attack chain typically involves initial access through social engineering to convince victims to open malicious zipx files, followed by automatic extraction and potential execution. Organizations should implement file validation policies, restrict user permissions, and maintain updated software versions to mitigate this risk. The vulnerability highlights the importance of proper input validation in file handling operations and demonstrates how seemingly benign file processing functionality can become a critical security weakness when proper sanitization is omitted.

Responsible: CERT-PL
Reservation: 01/19/2026
Disclosure: 02/02/2026
Moderation: accepted
CPE: ready
EPSS: 0.00110
KEV: no
Activities: very low
