Lucene search
K

18 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-55677

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the...

7.5CVSS6.1AI score0.0043EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 5:16 p.m.7 views

CVE-2026-55677

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...

7.5CVSS0.0043EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 5:16 p.m.4 views

UBUNTU-CVE-2026-55677

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/26 4:15 p.m.8 views

CVE-2026-55677

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...

7.5CVSS5.8AI score0.0043EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/26 4:15 p.m.35 views

CVE-2026-55677 Echo: Encoded slash (%2F) bypasses route-level protection and exposes static files

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...

7.5CVSS0.0043EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 4:15 p.m.8 views

EUVD-2026-39800

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 4:15 p.m.18 views

CVE-2026-55677

Echo (Go framework) prior to 4.15.3 and 5.2.0 has a router vs static file handler decoding mismatch: the router uses the raw encoded path while StaticDirectoryHandler unescapes %2F to /, enabling bypass of route-level access controls to read static files without authorization. The vulnerability i...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/04 12:27 a.m.3 views

SUSE CVE-2026-25766

Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo's middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In middleware/static.go, the requested path is unescaped and...

5.3CVSS5.9AI score0.00329EPSS
Exploits1References3
OSV
OSV
added 2026/02/26 4:27 p.m.7 views

GO-2026-4502 Echo has a Windows path traversal via backslash in middleware.Static default filesystem in github.com/labstack/echo/v5

Echo has a Windows path traversal via backslash in middleware.Static default filesystem in github.com/labstack/echo/v5...

5.3CVSS5.5AI score0.00329EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2026/02/24 12:0 a.m.141 views

📄 Echo Framework 5.0.4 Path Traversal

This Python script is a security testing tool designed to detect a path traversal vulnerability in web applications built with the Echo framework version 5 running on Windows systems...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/20 7:40 p.m.5 views

CVE-2026-25766

Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In middleware/static.go, the requested path is unescaped and...

5.3CVSS5.7AI score0.00329EPSS
Exploits1References1
NVD
NVD
added 2026/02/19 4:27 p.m.8 views

CVE-2026-25766

Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In middleware/static.go, the requested path is unescaped and...

5.3CVSS0.00329EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/19 3:49 p.m.24 views

CVE-2026-25766 Echo has a Windows path traversal via backslash in middleware.Static default filesystem

Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In middleware/static.go, the requested path is unescaped and...

5.3CVSS0.00329EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/02/19 3:49 p.m.6 views

CVE-2026-25766

Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In middleware/static.go, the requested path is unescaped and...

5.3CVSS8.5AI score0.00329EPSS
Exploits1
CVE
CVE
added 2026/02/19 3:49 p.m.15 views

CVE-2026-25766

The CVE-2026-25766 issue affects Echo (github.com/labstack/echo/v5) on Windows, where middleware.Static uses the default filesystem and path.Clean does not treat backslashes as separators. This lets an unauthenticated attacker read files outside the static root by crafting a path that includes se...

5.3CVSS5.6AI score0.00329EPSS
Exploits1References3Affected Software1
Circl
Circl
added 2026/02/17 3:4 p.m.6 views

CVE-2026-25766

creationtimestamp| type| source ---|---|--- 2026-02-17 15:04:59+00:00| published-proof-of-concept| https://github.com/labstack/echo/security/advisories/GHSA-pgvm-wxw2-hrv9...

5.3CVSS7.3AI score0.00329EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2023/12/21 12:0 a.m.10 views

The vulnerability of the Static Handler component of the web framework used to create scalable and high-performance web applications, Echo, allows a attacker to perform an SSRF attack.

The vulnerability of the Static Handler component of the web framework used to create scalable and high-performance web applications, Echo, involves redirecting URLs to an unreliable website. Exploiting this vulnerability can enable a remote attacker to perform an SSRF attack...

10CVSS7.8AI score0.02333EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/07 4:14 p.m.4 views

CVE-2020-36565 Directory traversal on Windows in github.com/labstack/echo/v4

Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...

6.6AI score0.01335EPSS
Exploits1References3
Rows per page
Query Builder