Intrado 911 Emergency Gateway Vulnerability Disclosed

Intrado 911 Emergency Gateway Vulnerability 🚨

A newly disclosed path traversal vulnerability, tracked as CVE-2026-6074, impacts the Intrado 911 Emergency Gateway (EGW), which provides critical services to Emergency Services sectors worldwide. This condition, categorized as CWE-35, could allow an attacker with existing network access to access the EGW management interface without authentication. Successful exploitation of this vulnerability could allow an attacker to read, modify, or delete files on the affected system.

Affected Versions:

• Emergency Gateway 7.x
• Emergency Gateway 6.x
• Emergency Gateway 5.x

An anonymous source reported this vulnerability to CISA. The initial release date for this advisory was April 23rd, 2026. Intrado developed and released a software update on March 2nd, 2026, that addresses this issue and has contacted customers to coordinate applying the patch.

Recommendations from CISA:

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. These measures include:

• Minimizing network exposure for all control system devices and/or systems.
• Ensuring they are not accessible from the internet.
• Locating control system networks and remote devices behind firewalls and isolating them from business networks.

When remote access is required, more secure methods, such as Virtual Private Networks (VPNs), should be utilized. CISA notes that VPNs may have vulnerabilities and should be updated to the most current version available. It is also important to recognize that a VPN is only as secure as the connected devices. At this time, no known public exploitation specifically targeting this vulnerability has been reported to CISA.

For more details, you can read the complete article here: Read full article