CVE-2026-1186

N/A Unknown

Path Traversal

📋 TL;DR

EAP Legislator contains a path traversal vulnerability in its file extraction functionality. Attackers can craft malicious zipx archives that, when opened by victims, extract files to arbitrary system locations outside intended directories. This affects all users running vulnerable versions of EAP Legislator software.

💻 Affected Systems

Products:

• EAP Legislator

Versions: All versions before 2.25a

Operating Systems: Windows, Linux, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in default zipx file handling functionality; no special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via extraction of malicious executables to startup directories or critical system paths, leading to persistent malware installation or system takeover.

🟠

Likely Case

Local file system manipulation allowing attackers to overwrite system files, install backdoors, or extract sensitive data to attacker-controlled locations.

🟢

If Mitigated

Limited impact with proper file validation and restricted user permissions preventing writes to critical system directories.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires victim interaction to open malicious zipx file; no authentication needed for file extraction functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.25a

Vendor Advisory: https://abcpro.pl/eap-legislator

Restart Required: Yes

Instructions:

1. Download version 2.25a from official vendor site. 2. Backup current configuration. 3. Install update. 4. Restart application. 5. Verify version shows 2.25a.

🔧 Temporary Workarounds

Disable zipx file association

all

Prevent EAP Legislator from automatically opening zipx files

Copy

Windows: assoc .zipx=
Linux/macOS: Remove .zipx file association from EAP Legislator preferences

Restrict file extraction permissions

all

Configure application to run with limited user privileges

Copy

Windows: Run as standard user without admin rights
Linux/macOS: chmod 755 /path/to/eap-legislator && run as non-root user

🧯 If You Can't Patch

• Implement application whitelisting to block execution of files extracted to unauthorized locations
• Deploy endpoint detection that monitors for file writes to system directories from EAP Legislator process

🔍 How to Verify

Check if Vulnerable:

Copy

Check EAP Legislator version; if below 2.25a, system is vulnerable

Check Version:

Copy

EAP Legislator: Help -> About or eap-legislator --version

Verify Fix Applied:

Copy

Verify version shows 2.25a and test with known safe zipx files to confirm proper extraction path validation

📡 Detection & Monitoring

Log Indicators:

• File extraction events to paths containing '..' or absolute system paths
• Process creation from EAP Legislator writing to system directories

Network Indicators:

• Downloads of zipx files followed by file system writes to unusual locations

SIEM Query:

Copy

process_name:"eap-legislator" AND file_write_path:(C:\Windows\* OR /etc/* OR /usr/* OR ..)

📊 Metadata

CVE ID: CVE-2026-1186

CVSS v3 Score: N/A (Unknown)

CWE: CWE-22

Published: February 2, 2026

Last Updated: February 4, 2026

🤖 AI-assisted analysis, reviewed for accuracy

🔗 References

• https://abcpro.pl/eap-legislator
• https://cert.pl/posts/2026/02/CVE-2026-1186

📤 Share This

Twitter LinkedIn Reddit Copy Link