Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Navtor NavBox exposes sensitive files to unauthorized access
CVE-2026-2753
Summary
The Navtor NavBox application has a security flaw that allows hackers to access sensitive information on the server. This can happen when an attacker submits special input that tricks the system into showing files it shouldn't. To fix this, update Navtor NavBox to the latest version or apply a patch to prevent unauthorized access to sensitive files.
Original title
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers ...
Original description
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful exploitation allows the attacker to retrieve arbitrary files from the underlying filesystem, limited only by the privileges of the service process. This can lead to the exposure of sensitive configuration files and system information.
nvd CVSS3.1
7.5
Vulnerability type
CWE-36
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026