Intrado 911 Emergency Gateway (EGW) 5.x, 6.x, and 7.x contain a path traversal flaw in the download_debuglog_file.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended directory. This allows an attacker to view sensitive files on the gateway, such as configuration or credential data, but does not provide write or delete capabilities.

The affected product is Intrado’s 911 Emergency Gateway. All installations running the EGW firmware prior to the March 2 2026 update are vulnerable. The vendor has released a patch to correct the path handling logic and has communicated with customers to deploy the fix.

The high CVSS score indicates a severe security risk, but the EPSS score of less than 1 % suggests that exploitation is currently unlikely. The vulnerability is not listed in CISA’s KEV catalog, meaning there are no publicly known recent exploits. Attackers can directly access the download_debuglog_file.php endpoint without authentication, providing access to any readable file on the system. Based on the description, it is inferred that exploitation requires connectivity to the endpoint, which is likely exposed via the EGW management interface, but the exact exposure is not specified.