// #cvss-critical
2 articles
CVE-2026-6074: Unauthenticated Path Traversal in Intrado 911 Emergency Gateway Threatens PSAP Call Routing
CISA ICS advisory ICSA-26-113-06 discloses CVE-2026-6074, a CVSS 9.1 path traversal flaw in Intrado 911 Emergency Gateway versions 5.x–7.x that allows unauthenticated network access to read, write, and delete arbitrary files on the management interface. Exploitation could modify 911 call routing rules or disable emergency call processing. Intrado patched on March 2 2026 and is directly contacting affected PSAP operators.
Wormable Windows TCP/IP Race Condition RCE (CVE-2026-33827) — IPv6-Enabled Networks Face EternalBlue-Class Propagation Risk
A race condition in the Windows TCP/IP stack allows unauthenticated remote code execution against systems with IPv6 or IPSec enabled, demonstrated at Pwn2Own 2026 and patched in April's Patch Tuesday. The vulnerability's wormable characteristics — no user interaction, no authentication, network-adjacent propagation — place it in the same risk category as EternalBlue for environments that have not applied the April update.