{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T18:27:43.689","vulnerabilities":[{"cve":{"id":"CVE-2026-1186","sourceIdentifier":"cvd@cert.pl","published":"2026-02-02T14:16:34.210","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive (default file type used by the Legislator application) and choose arbitrary path outside the intended directory (e.x. system startup) where files will be extracted by the victim upon opening the file.\nThis issue was fixed in version 2.25a."},{"lang":"es","value":"EAP Legislator es vulnerable a salto de ruta en la funcionalidad de extracción de archivos. El atacante puede preparar un archivo zipx (tipo de archivo predeterminado utilizado por la aplicación Legislator) y elegir una ruta arbitraria fuera del directorio previsto (p. ej., inicio del sistema) donde los archivos serán extraídos por la víctima al abrir el archivo.\nEste problema fue solucionado en la versión 2.25a."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://abcpro.pl/eap-legislator","source":"cvd@cert.pl"},{"url":"https://cert.pl/posts/2026/02/CVE-2026-1186","source":"cvd@cert.pl"}]}}]}