CVE-2026-2493 in IceWarpinfo

Summary

by MITRE • 03/16/2026

IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulnerability.

The specific flaw exists within handling of the ticket parameter provided to the collaboration endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-25440.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Disclosure

03/16/2026

Moderation

accepted

Entry

VDB-347919

CPE

ready

CWE

CWE-22 (confirmed)

CVSS

5.3 (VulDB)

EPSS

0.50565

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-2493
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-2493
CVE Details	https://www.cvedetails.com/cve/CVE-2026-2493/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!