28 matches found
CVE-2026-59731
Astro 6.4.7 contains an authorization bypass due to improper handling of partially decoded pathnames after the iterative URL decoder limit, with an additional decodeURI() during rewrite route matching that can lead to accessing a protected route. The issue affects 6.4.7 and is fixed in 6.4.8. The...
GHSA-G4W6-VMGF-XQVX @cedar-policy/authorization-for-expressjs has an authorization bypass via query string manipulation
Summary @cedar-policy/authorization-for-expressjs is an open-source Express.js middleware that integrates Cedar authorization into Express applications by mapping HTTP requests to Cedar actions and evaluating authorization policies before allowing requests to proceed. An issue exists where, under...
DEBIAN-CVE-2026-52844
Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can bypass Caddy...
SUSE-SU-2026:2487-1 Security update for rmt-server
This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471. -...
CVE-2026-47676
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, app.mount strips the mount prefix from the incoming request path using the raw URL pathname, while route matching is performed against the percent-decoded path. This inconsistency causes the...
GHSA-2GCR-MFCQ-WCC3 Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths
Summary app.mount strips the mount prefix from the incoming request path using the raw URL pathname, while route matching is performed against the percent-decoded path. This inconsistency causes the prefix to be stripped at the wrong position when the path contains percent-encoded multi-byte...
Astra Linux – Vulnerability in HAPProxy
A issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. This issue does not ensure that the scheme and path portions of a URI contain the expected characters. For example, the authority field as observed on a target HTTP/2 server might differ from what the...
PT-2026-41127
Name of the Vulnerable Software and Affected Versions Tuist versions prior to 1.180.9 Description The "DELETE /api/projects/account handle/project handle/previews/preview id" endpoint loads a preview by its UUID without verifying that the preview belongs to the project resolved from the URL path...
CVE-2026-42855
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header,...
CVE-2026-42882
oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, s3-proxy contains an authentication bypass caused by inconsistent URL path interpretation between the authentication middleware and the bucket handler. The authentication middleware evaluates resource path patterns against the...
CVE-2026-42882 oxyno-zeta/s3-proxy: Security Issues in Resource Path Matching
oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, s3-proxy contains an authentication bypass caused by inconsistent URL path interpretation between the authentication middleware and the bucket handler. The authentication middleware evaluates resource path patterns against the...
UBUNTU-CVE-2026-41256
jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...
GHSA-2H4P-VJRC-8XPQ Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup
Summary On Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the configured template directory. Details The root cause is a...
GHSA-RFGQ-WGG8-662P S3-Proxy has Security Issues in its Resource Path Matching Implementation
Background The original concern is functional: a resource pattern should treat a percent-encoded segment like some%2Fvalue as a single opaque token rather than splitting it into two path segments at the decoded /. Investigation into why %2F was being decoded and how routes matched against the...
SUSE CVE-2026-28808
Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...
CVE-2026-28808
A flaw was found in Erlang OTP inets modules. A remote unauthenticated attacker could exploit an incorrect authorization vulnerability when CGI Common Gateway Interface scripts are served via scriptalias. This vulnerability arises from a path mismatch where access controls are evaluated against a...
CVE-2026-28808
Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...
DEBIAN-CVE-2026-28808
Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...
UBUNTU-CVE-2026-28808
Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...
CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)
Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...