---
title: "Critical Path Traversal Flaw in Intrado 911 Emergency Gateway (CVE-2026-6074)"
short_title: "Critical flaw in Intrado 911 EGW exposes files"
description: "A severe path traversal vulnerability in Intrado 911 Emergency Gateway (CVE-2026-6074) allows attackers to read, modify, or delete files. Patch now to secure emergency systems."
author: "Vitus"
date: 2024-10-02
categories: [Cybersecurity, Vulnerabilities]
tags: [cve-2026-6074, path-traversal, emergency-services, intrado, critical-vulnerability]
score: 0.95
cve_ids: [CVE-2026-6074]
---
## TL;DR
A critical path traversal vulnerability (CVE-2026-6074) in Intrado 911 Emergency Gateway (EGW) could allow unauthenticated attackers to access, modify, or delete sensitive files. Affecting versions 5.x, 6.x, and 7.x, this flaw poses a severe risk to emergency services worldwide. Intrado has released a patch—apply it immediately to mitigate potential exploitation.
Main Content
### Introduction
Emergency services rely on robust and secure communication systems to ensure public safety. However, a newly disclosed critical vulnerability in Intrado’s 911 Emergency Gateway (EGW) threatens the integrity of these systems. Tracked as CVE-2026-6074, this path traversal flaw could enable attackers to bypass authentication and gain unauthorized access to the EGW management interface. If exploited, this vulnerability could lead to data breaches, system compromise, or disruption of emergency services.
### Key Points
- Critical Vulnerability: CVE-2026-6074 is a path traversal flaw with a CVSS score of 9.8 (Critical), allowing unauthenticated access to the EGW management interface.
- Affected Versions: Intrado EGW versions 5.x, 6.x, and 7.x are vulnerable.
- Global Impact: Deployed worldwide, this system is critical to emergency services infrastructure, making this flaw particularly high-risk.
- Exploitation Risk: Attackers with network access could read, modify, or delete files, potentially disrupting 911 services.
- Patch Available: Intrado released a software update on March 2, 2026, to address this issue. Users must apply it immediately.
### Technical Details
#### Vulnerability Overview
CVE-2026-6074 is a path traversal vulnerability in the Intrado 911 Emergency Gateway. It arises from improper validation of user-supplied input, allowing attackers to traverse directories and access files outside the intended scope. The flaw is classified under CWE-35: Path Traversal: '.../...//'.
#### Attack Vector
- Access Required: Attackers need existing network access to exploit this vulnerability.
- Exploitation Method: By sending crafted requests to the EGW management interface, attackers can bypass authentication and gain unauthorized access to sensitive files.
- Impact: Successful exploitation could lead to:
- Unauthorized file access (read, modify, or delete).
- Disruption of emergency services if critical files are altered or deleted.
- Potential lateral movement within the network if additional vulnerabilities exist.
#### CVSS Metrics
The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (Critical) with the following vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Attack Vector (AV:N): Exploitable remotely over the network.
- Attack Complexity (AC:L): Low complexity; no special conditions required.
- Privileges Required (PR:N): No privileges required.
- User Interaction (UI:N): No user interaction needed.
- Scope (S:U): Impact confined to the vulnerable component.
- Confidentiality (C:H): High impact on data confidentiality.
- Integrity (I:H): High impact on data integrity.
- Availability (A:H): High impact on system availability.
### Impact Assessment
#### Sector-Specific Risks
- Emergency Services: As a critical infrastructure sector, emergency services rely on the integrity of systems like Intrado EGW. Exploitation of this vulnerability could disrupt 911 operations, leading to delayed response times or failed emergency communications.
- Global Deployment: With systems deployed worldwide, the potential for widespread impact is significant. Organizations in the U.S. and beyond must act swiftly to mitigate risks.
#### Potential Consequences
- Data Breaches: Attackers could access sensitive files, including call logs, user data, or system configurations.
- Service Disruption: Modification or deletion of critical files could render the EGW inoperable, disrupting emergency communications.
- Reputation Damage: Organizations failing to patch this vulnerability risk loss of public trust and regulatory scrutiny.
### Mitigation Steps
#### Immediate Actions
1. Apply the Patch: Intrado released a software update on March 2, 2026, to address CVE-2026-6074. Users must install the patch immediately to secure their systems.
2. Contact Support: For assistance, reach out to Intrado E911 Support at [[email protected]](mailto:[email protected]).
3. Isolate Systems: Minimize network exposure for EGW devices. Ensure they are not accessible from the internet and are placed behind firewalls.
4. Segment Networks: Locate control system networks and remote devices behind firewalls, isolating them from business networks.
5. Use Secure Remote Access: When remote access is required, use secure methods like VPNs (ensure they are updated to the latest version).
#### Long-Term Strategies
- Regular Audits: Conduct periodic security audits to identify and address vulnerabilities in critical systems.
- Defense-in-Depth: Implement a layered security approach to protect against potential threats. Refer to CISA’s Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies for guidance.
- Employee Training: Educate staff on social engineering attacks and best practices for recognizing phishing attempts. Refer to CISA’s Recognizing and Avoiding Email Scams and Avoiding Social Engineering and Phishing Attacks.
### Affected Systems
The following versions of Intrado 911 Emergency Gateway (EGW) are affected by CVE-2026-6074:
- Emergency Gateway 7.x
- Emergency Gateway 6.x
- Emergency Gateway 5.x
## Conclusion
The discovery of CVE-2026-6074 in Intrado’s 911 Emergency Gateway underscores the critical importance of securing systems that underpin emergency services. With a CVSS score of 9.8, this vulnerability poses a severe risk to organizations worldwide. Immediate action is required to apply the patch, isolate systems, and implement defensive measures to prevent exploitation.
Organizations must prioritize cybersecurity for critical infrastructure to ensure the safety and reliability of emergency services. Stay vigilant, keep systems updated, and follow best practices to mitigate risks effectively.
## References
[^1]: CISA. "ICSA-26-113-06 Intrado 911 Emergency Gateway (EGW) Path Traversal Vulnerability". Retrieved 2024-10-02.
[^2]: MITRE. "CWE-35: Path Traversal: '.../...//'". Retrieved 2024-10-02.
[^3]: NIST. "CVE-2026-6074 Detail". Retrieved 2024-10-02.
[^4]: Intrado. "[E911 Support Contact](mailto:[email protected])". Retrieved 2024-10-02.