3 matches found
CVE-2026-24686 go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names
go-tuf is a Go implementation of The Update Framework TUF. go-tuf's TAP 4 Multirepo Client uses the map file repository name string repoName as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...
Linux Distros Unpatched Vulnerability : CVE-2026-24686
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-tuf is a Go implementation of The Update Framework TUF. go-tuf's TAP 4 Multirepo Client uses the map file repository name string repoName as a filesystem pat...
CVE-2026-24686
creationtimestamp| type| source ---|---|--- 2026-01-26 12:46:25+00:00| published-proof-of-concept| https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-jqc5-w2xx-5vq4 2026-01-27 03:37:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mdetfhx4si2j...