Absolute Path Traversal Vulnerability in Navtor NavBox
CVE-2026-2753

7.5HIGH

Key Information:

Vendor: Navtor
Status: Navbox
Vendor: CVE Published:; 6 March 2026

What is CVE-2026-2753?

An Absolute Path Traversal vulnerability in Navtor NavBox allows unauthenticated remote attackers to exploit the application's HTTP service. By submitting malicious requests containing absolute filesystem paths, attackers can bypass security measures and access restricted files on the server. This vulnerability can lead to the disclosure of sensitive configuration files and critical system information, posing significant risks to the affected systems. Organizations using this application should prioritize implementing appropriate security measures to mitigate potential exploit risks.

Affected Version(s)

NavBox 4.12.0.3

NavBox 4.14.1.2

References

https://cydome.io/vulnerability-advisory-cve-2026-2753-in...

technical-description

https://www.navtor.com/navtor-vendor-statement

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2026
Vulnerability Reserved
Feb 19, 2026

Credit

Cydome Security Ltd

CVE-2026-2753 Data

JSON