A critical security has been discovered in the Intrado 911 Emergency Gateway (EGW). The vulnerability, designated as CVE-2026-6074, carries a CVSS score of 9.8, signaling an almost maximum level of risk for organizations relying on this critical system.
The flaw is rooted in a “path traversal” condition—a common but dangerous weakness that allows attackers to navigate outside of intended folders to reach restricted areas of a system.
The most alarming aspect of this is its simplicity. If an attacker already has access to the organization’s network, they can bypass the standard login process entirely.
According to the vulnerability advisory, “A path traversal condition in Intrado 911 Emergency Gateway could allow an attacker with existing network access the ability to access the EGW management interface without authentication”.
Once inside the management interface, the attacker is no longer a mere spectator. They gain full “read, modify, or delete” permissions over sensitive system files. This could lead to the permanent loss of configuration data, the theft of sensitive emergency logs, or the complete disruption of life-saving 911 services.
The vulnerability is widespread, affecting multiple generations of the Emergency Gateway hardware and software:
- Emergency Gateway 7.x
- Emergency Gateway 6.x
- Emergency Gateway 5.x
Intrado moved swiftly to address the risk, releasing a software update on March 2nd, 2026. The company has reportedly begun reaching out to its global customer base to coordinate the application of this vital patch. If your organization manages an Intrado 911 Gateway, you should not wait for a phone call—verify your version immediately and apply the update to secure your emergency infrastructure.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
