CVE-2026-2464
Path Traversal in AMR Printer Management Allows Sensitive File Disclosure
Publication date: 2026-02-18
Last updated on: 2026-02-18
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amr | printer_management | 1.01_beta |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2464 is a path traversal vulnerability in the AMR Printer Management 1.01 Beta web service. It allows remote attackers to read arbitrary files on the underlying Windows system by sending specially crafted path traversal sequences to the web management service.
The web service is accessible without authentication and runs with elevated privileges, which increases the risk and impact of exploitation.
Exploiting this vulnerability enables attackers to access sensitive and privileged files on the system, potentially leading to unauthorized disclosure of internal system information.
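The CWE-22 pattern described above, shown next to a containment check, as an added example that is not the vendor's code. The page does not describe the product's implementation, so `WEB_ROOT`, `naive_resolve` and `safe_resolve` are hypothetical names, and `ntpath` is used so that Windows path rules apply on any host.

```python
import ntpath
from typing import Optional
from urllib.parse import unquote

# Hypothetical document root (assumption; the real layout is not on the page).
WEB_ROOT = r"C:\PrinterWeb\htdocs"


def naive_resolve(requested: str) -> str:
    """Vulnerable pattern: request input is joined onto the root unchecked."""
    return ntpath.normpath(ntpath.join(WEB_ROOT, unquote(requested)))


def safe_resolve(requested: str) -> Optional[str]:
    """Return a path under WEB_ROOT, or None if the request would escape it."""
    decoded = unquote(requested)
    # NUL bytes and ':' (drive letters, alternate data streams) are never
    # needed in a relative web path, so reject them outright.
    if "\x00" in decoded or ":" in decoded:
        return None
    # Windows accepts both separators. Strip leading ones so a rooted path
    # cannot replace WEB_ROOT inside ntpath.join().
    relative = decoded.replace("/", "\\").lstrip("\\")
    candidate = ntpath.normpath(ntpath.join(WEB_ROOT, relative))
    root = ntpath.normcase(ntpath.normpath(WEB_ROOT))
    # Compare whole path components, case-insensitively as NTFS does.
    # A plain startswith() would accept a sibling such as "htdocs-backup".
    try:
        common = ntpath.commonpath([root, ntpath.normcase(candidate)])
    except ValueError:  # different drives
        return None
    return candidate if common == root else None


if __name__ == "__main__":
    # Constructed sample requests, not taken from the advisory.
    for req in ["status/index.html", "..%2f..%2foutside.txt",
                "..%5Chtdocs-backup%5Cnotes.txt", "%5Coutside.txt"]:
        print(f"{req!r}: naive={naive_resolve(req)!r} safe={safe_resolve(req)!r}")
```

A check like this limits what a request can reach but does not replace the vendor's fix, and running the service under a low-privilege account reduces what any remaining file read can expose.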
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive and privileged system files, compromising the confidentiality of the affected environment.
Because the web service runs with elevated privileges and requires no authentication, attackers can exploit it remotely to gain access to internal system information.
Such unauthorized access can result in exposure of critical data, potentially leading to further attacks or data breaches.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
The manufacturer has stated that the vulnerability has been fixed.
To mitigate this vulnerability, you should update the AMR Printer Management 1.01 Beta web service to the fixed version provided by the manufacturer.