CVE-2026-2464
Received Received - Intake
Path Traversal in AMR Printer Management Allows Sensitive File Disclosure

Publication date: 2026-02-18

Last updated on: 2026-02-18

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description
Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The service is accessible without authentication and runs with elevated privileges, amplifying the impact of the vulnerability. An attacker can exploit this condition to access sensitive and privileged files on the system using path traversal payloads. Successful exploitation of this vulnerability could lead to the unauthorized disclosure of internal system information, compromising the confidentiality of the affected environment.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-18
Last Modified
2026-02-18
Generated
2026-06-16
AI Q&A
2026-02-18
EPSS Evaluated
2026-06-15
NVD
CVE-2026-2464
EUVD
EUVD-2026-8087
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
amr printer_management 1.01_beta
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-2464 is a path traversal vulnerability in the AMR Printer Management 1.01 Beta web service. It allows remote attackers to read arbitrary files on the underlying Windows system by sending specially crafted path traversal sequences to the web management service.

The web service is accessible without authentication and runs with elevated privileges, which increases the risk and impact of exploitation.

Exploiting this vulnerability enables attackers to access sensitive and privileged files on the system, potentially leading to unauthorized disclosure of internal system information.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive and privileged system files, compromising the confidentiality of the affected environment.

Because the web service runs with elevated privileges and requires no authentication, attackers can exploit it remotely to gain access to internal system information.

Such unauthorized access can result in exposure of critical data, potentially leading to further attacks or data breaches.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

The manufacturer has stated that the vulnerability has been fixed.

To mitigate this vulnerability, you should update the AMR Printer Management 1.01 Beta web service to the fixed version provided by the manufacturer.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2464. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart