PT-2026-5659 · Unknown · Eap Legislator
Marcin Ressel · Published 2026-02-02 · Updated 2026-02-02 · CVE-2026-1186
CVSS v4.0: 8.6 High
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
Name of the Vulnerable Software and Affected Versions
EAP Legislator versions prior to 2.25a
Description
EAP Legislator is susceptible to a Path Traversal issue within its file extraction functionality. An attacker can craft a malicious zipx archive – the default file type used by the application – and specify an arbitrary path outside the intended directory. Upon opening the crafted file, the application will extract files to the attacker-defined location, potentially including sensitive system areas like the system startup directory.
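The check an extractor needs before writing any entry, shown as an added example that is not EAP Legislator's code or its fix. It assumes the zipx file can be read as a ZIP container; the function names and the sample entry names are constructed for illustration.

```python
import io
import posixpath
import re
import zipfile


def escapes_destination(entry_name):
    """True if an archive entry name would resolve outside the extraction directory."""
    # Windows extractors treat "\" as a separator, so normalise it first.
    name = entry_name.replace("\\", "/")
    # Absolute, UNC and drive-qualified names ignore the destination directory.
    if name.startswith("/") or re.match(r"^[A-Za-z]:", name):
        return True
    # Collapse "." and ".." components; a leading ".." means the entry climbs out.
    normalised = posixpath.normpath(name)
    return normalised == ".." or normalised.startswith("../")


def audit_archive(archive_bytes):
    """Return the entry names in a ZIP container that must not be extracted."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return [i.filename for i in zf.infolist() if escapes_destination(i.filename)]


def build_sample():
    """Constructed sample: two benign entries and three that leave the destination."""
    names = (
        "act.xml",                   # benign
        "attachments/../notes.txt",  # benign: stays inside after normalisation
        "../../outside.txt",         # relative traversal
        "..\\..\\outside.bat",       # traversal with Windows separators
        "C:/outside/run.bat",        # drive-qualified absolute path
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample content")
    return buf.getvalue()


if __name__ == "__main__":
    for name in audit_archive(build_sample()):
        print("refuse to extract:", name)
```

An extractor that applies this check should reject the whole archive when any entry is flagged, rather than skipping the flagged entries and extracting the rest.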
Recommendations
Update to version 2.25a or later.
Fix
Path traversal
Affected Products
Eap Legislator