CVE-2026-6074 PUBLISHED

Path traversal: '.../...//' in Intrado 911 Emergency Gateway (EGW)

Assigner: icscert
Reserved: 10.04.2026 Published: 23.04.2026 Updated: 23.04.2026

A path traversal condition in Intrado 911 Emergency Gateway could allow an attacker with existing network access the ability to access the EGW management interface without authentication. Successful exploitation of this vulnerability could allow a user to read, modify, or delete files.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.3

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	High	Integrity	None
Attack Requirements	None	Availability	High	Availability	None
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	Intrado
Product	911 Emergency Gateway
Versions	Default: unaffected Version Versions 7.x is affected Version Versions 6.x is affected Version Versions 5.x is affected

Solutions

Intrado developed and released a software update on March 2nd, 2026, that addresses this issue and has contacted customers to coordinate applying the patch.

If you have questions, contact Intrado E911 Support: E911Support@intrado.com

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-06

Problem Types

CWE-35 Path traversal: '.../...//' CWE