CVE-2026-2464

Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The service is accessible without authentication and runs with elevated privileges, amplifying the impact of the vulnerability. An attacker can exploit this condition to access sensitive and privileged files on the system using path traversal payloads. Successful exploitation of this vulnerability could lead to the unauthorized disclosure of internal system information, compromising the confidentiality of the affected environment.

CVSS

No CVSS.

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/directory-traversal-amr-printer-management-amr

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de salto de ruta en el servicio web AMR Printer Management 1.01 Beta, que permite a atacantes remotos leer archivos arbitrarios del sistema Windows subyacente mediante el uso de secuencias de salto de ruta especialmente diseñadas en solicitudes dirigidas al servicio de gestión web. El servicio es accesible sin autenticación y se ejecuta con privilegios elevados, amplificando el impacto de la vulnerabilidad. Un atacante puede explotar esta condición para acceder a archivos sensibles y privilegiados en el sistema utilizando cargas útiles de salto de ruta. La explotación exitosa de esta vulnerabilidad podría conducir a la divulgación no autorizada de información interna del sistema, comprometiendo la confidencialidad del entorno afectado.

18 Feb 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-18 14:16

Updated : 2026-06-17 10:31

NVD link : CVE-2026-2464

Mitre link : CVE-2026-2464

CVE.ORG link : CVE-2026-2464

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2026-2464", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-2464", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-18T14:46:02.401249Z"}}], "cvssMetricV40": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "cve-coordination@incibe.es", "affectedData": [{"vendor": "AMR", "product": "AMR Printer Management Beta web service", "versions": [{"status": "affected", "version": "1.01"}], "defaultStatus": "unaffected"}]}], "published": "2026-02-18T14:16:07.120", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/directory-traversal-amr-printer-management-amr", "source": "cve-coordination@incibe.es"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The service is accessible without authentication and runs with elevated privileges, amplifying the impact of the vulnerability. An attacker can exploit this condition to access sensitive and privileged files on the system using path traversal payloads. Successful exploitation of this vulnerability could lead to the unauthorized disclosure of internal system information, compromising the confidentiality of the affected environment."}, {"lang": "es", "value": "Vulnerabilidad de salto de ruta en el servicio web AMR Printer Management 1.01 Beta, que permite a atacantes remotos leer archivos arbitrarios del sistema Windows subyacente mediante el uso de secuencias de salto de ruta especialmente dise\u00f1adas en solicitudes dirigidas al servicio de gesti\u00f3n web. El servicio es accesible sin autenticaci\u00f3n y se ejecuta con privilegios elevados, amplificando el impacto de la vulnerabilidad. Un atacante puede explotar esta condici\u00f3n para acceder a archivos sensibles y privilegiados en el sistema utilizando cargas \u00fatiles de salto de ruta. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda conducir a la divulgaci\u00f3n no autorizada de informaci\u00f3n interna del sistema, comprometiendo la confidencialidad del entorno afectado."}], "lastModified": "2026-06-17T10:31:06.627", "sourceIdentifier": "cve-coordination@incibe.es"}