PatchSiren cyber security CVE debrief
CVE-2026-2753 Navtor CVE debrief
CVE-2026-2753 is a HIGH-severity vulnerability in Navtor NavBox, with a CVSS score of 7.5. The vulnerability exists due to improper sanitization of user-supplied path input in the exposed HTTP service. This allows unauthenticated remote attackers to submit requests containing absolute filesystem paths, potentially leading to the exposure of sensitive configuration files and system information.
- Vendor: Navtor
- Product: NavBox
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-06
- Original CVE updated: 2026-06-05
- Advisory published: 2026-03-06
- Advisory updated: 2026-06-05
Who should care
Users of Navtor NavBox, especially those using version 4.12.0.3 or earlier, should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by the application's failure to properly sanitize user-supplied path input. This allows attackers to retrieve arbitrary files from the underlying filesystem, limited only by the privileges of the service process.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to a version of Navtor NavBox that is not vulnerable (e.g., version 4.14.1.2 or later).
- Implement proper input validation and sanitization for user-supplied path input.
- Restrict access to the HTTP service to only trusted users and networks.
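The path validation recommended above can be sketched as follows. This is an added example, not Navtor's code or part of the advisory; `resolve_under`, `PathRejected` and the served base directory are hypothetical names. It rejects absolute paths in both POSIX and Windows forms, parent references, and symlinks that resolve outside the base directory.

```python
import ntpath
from pathlib import Path


class PathRejected(ValueError):
    """Raised when a requested path would leave the served directory."""


# Constructed sample inputs (not taken from the advisory): absolute POSIX,
# drive-letter, drive-relative, UNC, rooted-backslash and parent-reference forms.
REJECTED_SAMPLES = [
    "/etc/hostname",
    "C:\\ProgramData\\app\\settings.ini",
    "C:settings.ini",
    "\\\\fileserver\\share\\settings.ini",
    "\\ProgramData\\settings.ini",
    "charts/../../settings.ini",
    "charts\\..\\..\\settings.ini",
]


def resolve_under(base_dir, requested):
    """Return the real path of `requested` inside `base_dir`, or raise PathRejected."""
    if not requested or "\x00" in requested:
        raise PathRejected("empty path or NUL byte")
    # Check both path flavours regardless of host OS: a leading separator,
    # a drive prefix ("C:\\x", "C:x") or a UNC prefix all mean "not relative".
    drive, _ = ntpath.splitdrive(requested)
    if drive or requested[0] in "/\\":
        raise PathRejected("absolute path")
    # Treat both separators as separators, then refuse parent references.
    parts = requested.replace("\\", "/").split("/")
    if ".." in parts:
        raise PathRejected("parent directory reference")
    base = Path(base_dir).resolve()
    # resolve() follows symlinks, so a link that points out of base is caught here.
    candidate = base.joinpath(*parts).resolve()
    if candidate != base and base not in candidate.parents:
        raise PathRejected("resolved outside base directory")
    return candidate
```

The containment check runs on the fully resolved path, so it still holds if an earlier string check is bypassed by an encoding the server decodes later.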
Evidence notes
The CVE record and NVD detail pages provide additional information about this vulnerability.
Official resources
- CVE-2026-2753 CVE record (CVE.org)
- CVE-2026-2753 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: 56a186b1-7f5e-4314-ba38-38d5499fccfd - Third Party Advisory
- Mitigation or vendor reference: 56a186b1-7f5e-4314-ba38-38d5499fccfd - Vendor Advisory
CVE-2026-2753 was published on 2026-03-06T15:16:11.157Z and modified on 2026-06-05T16:40:37.327Z.