CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

80 matches found

Veracode•added 2026/05/16 5:28 a.m.•2 views

Path Traversal

lakeFS is vulnerable to Path Traversal. The vulnerability is due to insufficient path validation in verifyRelPath within pkg/block/local/adapter.go, where strings.HasPrefix is used to validate storage paths without enforcing path boundaries. This allows authenticated users to use path traversal...

8.1CVSS5.8AI score0.00067EPSS

Exploits0References3Affected Software1

Veracode•added 2026/03/05 8:55 a.m.•4 views

Missing Authorization

github.com/treeverse/lakefs is vulnerable to Missing Authorization. The vulnerability is due to lack of authentication checks on the /api/v1/usage-report/summary endpoint, which allows an attacker to access aggregate API usage information without authorization...

5.3CVSS5.8AI score0.00052EPSS

Exploits0References2Affected Software1

SUSE CVE•added 2026/03/04 12:26 a.m.•0 views

SUSE CVE-2026-26187

lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...

8.1CVSS5.8AI score0.00067EPSS

Exploits0References3

Positive Technologies•added 2026/02/19 12:0 a.m.•2 views

PT-2026-20656

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A flaw in the Navigation feature in Google Chrome before version 147.0.7727.55 could allow a remote attacker who has compromised the renderer process to leak cross-origin data through a...

9.8CVSS5.9AI score0.00161EPSS

Exploits0References68

OSV•added 2026/02/17 6:9 p.m.•2 views

GO-2026-4494 lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access in github.com/treeverse/lakefs

lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access in github.com/treeverse/lakefs...

8.1CVSS5.5AI score0.00067EPSS

Exploits0References3

RedhatCVE•added 2026/02/14 7:22 p.m.•3 views

CVE-2026-26187

8.1CVSS5.5AI score0.00067EPSS

Exploits0References1

NVD•added 2026/02/13 7:17 p.m.•3 views

CVE-2026-26187

8.1CVSS0.00067EPSS

Exploits0References3

Cvelist•added 2026/02/13 6:34 p.m.•20 views

CVE-2026-26187 lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access

8.1CVSS0.00067EPSS

Exploits0References3

Vulnrichment•added 2026/02/13 6:34 p.m.•1 views

CVE-2026-26187 lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access

8.1CVSS5.5AI score0.00067EPSS

Exploits0References3

EUVD•added 2026/02/13 6:34 p.m.•3 views

EUVD-2026-5918

8.1CVSS5.5AI score0.00067EPSS

Exploits0References3

CVE•added 2026/02/13 6:34 p.m.•8 views

CVE-2026-26187

CVE-2026-26187 affects lakeFS before v1.77.0, where the local block adapter (pkg/block/local/adapter.go) allows authenticated users to read/write files outside the configured storage. The verifyRelPath check used strings.HasPrefix without requiring a separator, enabling path traversal to sibling ...

8.1CVSS5.5AI score0.00067EPSS

Exploits0References3Affected Software1

OSV•added 2026/02/13 6:34 p.m.•1 views

CVE-2026-26187 lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access

8.1CVSS5.5AI score0.00067EPSS

Exploits0References5

OSV•added 2026/02/13 4:16 p.m.•2 views

GHSA-699M-4V95-RMPM lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access

Summary Two path traversal vulnerabilities in the local block adapter allow authenticated users to read and write files outside their designated storage boundaries. Details The local block adapter in pkg/block/local/adapter.go had two path traversal vulnerabilities: 1. Prefix Bypass Vulnerability...

8.1CVSS5.5AI score0.00067EPSS

Exploits0References5

Github Security Blog•added 2026/02/13 4:16 p.m.•4 views

lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access

8.1CVSS5.5AI score0.00067EPSS

Exploits0References5Affected Software1

CNNVD•added 2026/02/13 12:0 a.m.•4 views

lakeFS 路径遍历漏洞

LakeFS is an open-source tool developed by Treeverse, capable of converting your object storage into a repository similar to Git. Versions of LakeFS prior to 1.77.0 contained a path traversal vulnerability. This vulnerability stemmed from insufficient path validation in the local block adapter,...

8.1CVSS5.8AI score0.00067EPSS

Exploits0References3

Positive Technologies•added 2026/02/13 12:0 a.m.•9 views

PT-2026-8024

Name of the Vulnerable Software and Affected Versions lakeFS versions prior to 1.77.0 Description lakeFS, an open-source tool for transforming object storage into Git-like repositories, contains path traversal issues in its local block adapter pkg/block/local/adapter.go. The verifyRelPath functio...

9.9CVSS5.4AI score0.00733EPSS

Exploits44References125

SUSE CVE•added 2026/01/27 12:28 a.m.•5 views

SUSE CVE-2025-68671

lakeFS is an open-source tool that transforms object storage into a Git-like repositories. LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. Prior to 1.75.0, an attacker who captures a valid signed request e.g., through network interception, logs...

6.5CVSS5.9AI score0.00018EPSS

Exploits1References2

OSV•added 2026/01/23 2:28 a.m.•1 views

GO-2026-4321 lakeFS is Missing Timestamp Validation in S3 Gateway Authentication in github.com/treeverse/lakefs

lakeFS is Missing Timestamp Validation in S3 Gateway Authentication in github.com/treeverse/lakefs...

6.5CVSS5.4AI score0.00018EPSS

Exploits1References4

RedhatCVE•added 2026/01/16 11:31 p.m.•2 views

CVE-2025-68671

6.5CVSS6.7AI score0.00018EPSS

Exploits1References1

NVD•added 2026/01/15 11:15 p.m.•1 views