CVE-2026-1330
Published: 22 January 2026
Summary
CVE-2026-1330 is a high-severity Absolute Path Traversal (CWE-36) vulnerability in Hamastar Meetinghub Paperless Meetings. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 10.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Arbitrary file read via path traversal on a network-accessible application directly enables remote exploitation of a public-facing service (T1190) and retrieval of sensitive local system files (T1005).
NVD Description
MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
Deeper analysisAI
CVE-2026-1330 is an Arbitrary File Read vulnerability affecting MeetingHub, a product developed by HAMASTAR Technology. The flaw enables Absolute Path Traversal, allowing attackers to download arbitrary system files. Published on 2026-01-22, it is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWE-36.
Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity, requiring no privileges, user interaction, or scope changes. Successful exploitation grants high-impact confidentiality violations by enabling the retrieval of sensitive system files.
Advisories from TWCERT/CC detail the vulnerability and mitigation guidance, available at https://www.twcert.org.tw/en/cp-139-10651-ff09c-2.html and https://www.twcert.org.tw/tw/cp-132-10650-a5ee9-1.html.
Details
- CWE(s)