{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T18:00:29.544","vulnerabilities":[{"cve":{"id":"CVE-2026-1523","sourceIdentifier":"cve-coordination@incibe.es","published":"2026-02-05T14:16:04.420","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server's file system, thet is, 'http://<host>/..%2F..% 2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd'. By manipulating the input to include URL encoded directory traversal sequences (e.g., %2F representing /), an attacker can bypass the input validation mechanisms ans retrieve sensitive files outside the intended directory, which could lead to information disclosure or further system compromise."},{"lang":"es","value":"Vulnerabilidad de recorrido de rutas en Digitek ADT1100 y Digitek DT950 de PRIMION DIGITEK, S.L.U (Grupo Azkoyen). Esta vulnerabilidad permite a un atacante acceder a archivos arbitrarios en el sistema de archivos del servidor, es decir, 'http:///..%2F..% 2F..%2F..%2F..% 2F..%2F..%2F..%2F..%2Fetc%2 Fpasswd'. Al manipular la entrada para incluir secuencias de recorrido de directorios codificadas en URL (por ejemplo, %2F que representa /), un atacante puede eludir los mecanismos de validación de entradas y recuperar archivos confidenciales fuera del directorio previsto, lo que podría dar lugar a la divulgación de información o a un mayor compromiso del sistema."}],"metrics":{"cvssMetricV40":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversal-digitek-grupo-azkoyen","source":"cve-coordination@incibe.es"}]}}]}