CVE-2026-1523
Published: 05 February 2026
Summary
CVE-2026-1523 is a high-severity Path Traversal (CWE-22) vulnerability in Incibe (inferred from references). Its CVSS base score is 8.7 (High).
Operationally, ranked in the top 39.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-5550
- 🇪🇸 INCIBE: www.incibe.es
Vulnerability details
Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server's file system, thet is, 'http://<host>/..%2F..% 2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd'. By manipulating the input to include URL…
more
encoded directory traversal sequences (e.g., %2F representing /), an attacker can bypass the input validation mechanisms ans retrieve sensitive files outside the intended directory, which could lead to information disclosure or further system compromise.
- CWE(s)
Related Threats
CVEs Like This One
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.