CVE-2026-2753

Name of the Vulnerable Software and Affected Versions Navtor NavBox (affected versions not specified)

Description An Absolute Path Traversal issue exists in Navtor NavBox. The application’s HTTP service does not properly sanitize user-supplied path input. Remote attackers can exploit this by submitting requests containing absolute filesystem paths. Successful exploitation allows retrieval of arbitrary files from the filesystem, limited by the service process privileges. This can expose sensitive configuration files and system information. The vulnerability involves improper handling of user-supplied paths, potentially through a vulnerable parameter or variable.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.