CVE-2026-2493
Published: 16 March 2026
Summary
CVE-2026-2493 is a uncategorised-severity Path Traversal (CWE-22) vulnerability in Zerodayinitiative (inferred from references). Its CVSS base score is N/A.
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 2.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AU-13 (Monitoring for Information Disclosure) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the core flaw by requiring validation of user-supplied paths like the ticket parameter prior to file operations, preventing directory traversal.
Addresses the lack of authentication requirement by limiting permitted actions on unauthenticated collaboration endpoints to reduce exploitation risk.
Enables monitoring for unauthorized information disclosures resulting from directory traversal attempts on the collaboration endpoint.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated remote directory traversal in public-facing IceWarp collaboration endpoint directly enables T1190 for initial access and T1005 for arbitrary local file reads (configs, user data) as root.
NVD Description
IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling of the ticket parameter provided…
more
to the collaboration endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-25440.
Deeper analysisAI
CVE-2026-2493 is a directory traversal information disclosure vulnerability affecting IceWarp collaboration software. The flaw resides in the handling of the ticket parameter provided to the collaboration endpoint, where insufficient validation of a user-supplied path allows file operations to access unintended locations. This issue, classified under CWE-22, enables remote attackers to disclose sensitive information from affected installations running in the context of root. The vulnerability was publicly disclosed on March 16, 2026, and previously tracked as ZDI-CAN-25440.
Remote attackers can exploit this vulnerability without authentication by sending crafted requests to the collaboration endpoint. Successful exploitation allows disclosure of sensitive files accessible to the root user, potentially exposing configuration data, user information, or other critical system details on vulnerable IceWarp servers.
The Zero Day Initiative published an advisory at https://www.zerodayinitiative.com/advisories/ZDI-26-130/, which details the vulnerability and likely includes recommendations for mitigation, such as applying vendor patches or implementing input validation on the affected endpoint. Security practitioners should consult this advisory for specific remediation steps and verify IceWarp patch status.
Details
- CWE(s)