Plattform
other
Komponente
icewarp
Behoben in
14.2.1
CVE-2026-2493 is a directory traversal vulnerability discovered in IceWarp, a collaboration platform. This flaw allows unauthenticated remote attackers to disclose sensitive information by manipulating the 'ticket' parameter in the collaboration endpoint. The vulnerability impacts IceWarp versions 14.2.0.10 through 14.2.0.10. A fix is available from the vendor.
Successful exploitation of CVE-2026-2493 allows an attacker to read arbitrary files on the server, potentially exposing sensitive data such as configuration files, user credentials, or internal documents. The lack of authentication required for exploitation significantly broadens the attack surface, making it accessible to a wide range of threat actors. This vulnerability presents a significant risk of data breaches and unauthorized access to critical systems. The ability to read files as root amplifies the potential impact, allowing attackers to gain a deeper understanding of the system's architecture and potentially escalate their privileges.
CVE-2026-2493 was publicly disclosed on 2026-03-13. The vulnerability was reported to ZDI as ZDI-CAN-25440. As of this writing, no public proof-of-concept exploits are known, but the ease of exploitation due to the lack of authentication suggests a medium probability of exploitation. It is not currently listed on CISA KEV.
Organizations utilizing IceWarp for collaboration and communication are at risk, particularly those running the affected versions (14.2.0.10–14.2.0.10). Shared hosting environments where multiple users share the same IceWarp instance are especially vulnerable, as a compromise of one user's account could potentially lead to the disclosure of data belonging to other users.
• windows / server: Monitor IceWarp server logs for unusual file access attempts or errors related to the collaboration endpoint. Use Sysinternals Process Monitor to observe file system activity and identify suspicious processes accessing sensitive files. • linux / server: Monitor IceWarp server logs for attempts to access files outside of the intended directory structure. Use auditd to track file access events and identify suspicious patterns.
auditctl -w /path/to/sensitive/files -p wa -k icewarp_traversal• generic web: Monitor web server access logs for requests to the collaboration endpoint with unusual parameters in the 'ticket' field. Use curl to test the endpoint with various input values and observe the response.
curl 'http://icewarp-server/collaboration?ticket=../../../../etc/passwd'disclosure
Exploit-Status
EPSS
15.24% (95% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2026-2493 is to upgrade to a patched version of IceWarp as soon as it becomes available. Until the upgrade can be performed, consider implementing temporary workarounds such as restricting access to the collaboration endpoint through a Web Application Firewall (WAF) or proxy server. Configure the WAF to block requests containing suspicious characters or patterns in the 'ticket' parameter. Thoroughly review IceWarp's configuration to ensure that file access permissions are appropriately restricted. After upgrading, verify the fix by attempting to access a restricted file via the collaboration endpoint; access should be denied.
Actualizar IceWarp a una versión posterior a la 14.2.0.10 para corregir la vulnerabilidad de recorrido de directorios. Consultar el sitio web del proveedor para obtener la última versión y las instrucciones de actualización.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-2493 is a Directory Traversal vulnerability in IceWarp allowing attackers to disclose sensitive information without authentication.
You are affected if you are running IceWarp versions 14.2.0.10 through 14.2.0.10. Upgrade to a patched version as soon as possible.
Upgrade to a patched version of IceWarp. Until then, implement WAF rules to restrict access to the collaboration endpoint.
While active exploitation is not confirmed, the vulnerability's ease of exploitation suggests a medium probability of exploitation.
Refer to the official IceWarp security advisory for details and updates regarding CVE-2026-2493.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.