Back to search
CVE-2026-1186
Published: Feb 2, 2026
Modified: Feb 2, 2026
PUBLISHED
Description
EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive (default file type used by the Legislator application) and choose arbitrary path outside the intended directory (e.x. system startup) where files will be extracted by the victim upon opening the file. This issue was fixed in version 2.25a.
| Vendor | Product | Versions |
|---|---|---|
ABC PRO SP. Z O.O. | EAP Legislator | affected 0 - <= 2.25 |
Weaknesses (CWE)
References
https://cert.pl/posts/2026/02/CVE-2026-1186
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now