Latest Product Updates and Feature Enhancements on IceWarp
CVE-2026-2493 : IceWarp collaboration Directory Traversal Information ...
IceWarp's collaboration software is vulnerable to a directory traversal flaw (CVE-2026-2493), allowing unauthorized access to sensitive information. The issue stems from improper path validation in t...he collaboration endpoint. This vulnerability has a high CVSS score of 7.5, indicating significant risk.
Critical Unauthenticated RCE Vulnerability in IceWarp Leaves 1, 200 ...
A critical unauthenticated remote code execution (RCE) vulnerability in IceWarp, tracked as CVE-2025-14500, exposes over 1,200 servers to potential attacks. This flaw allows attackers to execute comm...ands with system-level privileges without authentication, affecting multiple IceWarp versions. Users are urged to apply the latest security updates immediately, as patching is the only solution.
Over 1, 200 IceWarp servers still vulnerable to unauthenticated RCE flaw ...
Over 1,200 IceWarp servers remain vulnerable to a critical unauthenticated RCE flaw (CVE-2025-14500), risking unauthorized access. The flaw, affecting both Windows and Linux deployments, was fixed in... October 2025, but many on-premises instances remain unpatched. IceWarp urges immediate updates and offers a free one-month SAAS license for customers with expired licenses to facilitate upgrades.
IceWarp collaboration Directory Traversal Information Disclosure ...
IceWarp has addressed a security vulnerability (CVE-2026-2493) that allowed remote attackers to disclose sensitive information without authentication. The flaw was due to improper validation of user-...supplied paths in the collaboration endpoint. This issue has been fixed in versions 14.2.0.12 and 14.1.0.20.
ZDI-26-130: IceWarp collaboration Directory Traversal Information ...
A directory traversal vulnerability in IceWarp allows remote attackers to access sensitive information without authentication. The flaw, identified as CVE-2026-2493, has been rated with a CVSS score ...of 7.5 by ZDI.
IceWarp security advisory (AV26-148)
IceWarp issued a security advisory on February 19, 2026, addressing critical vulnerabilities in its Epos products, including versions prior to 14.2.0.12. Users are urged to apply updates to mitigate ...risks.