CVE-2026-40611

Technical details about CVE-2026-40611 are not publicly available in the provided documents; these sources confirm the vulnerability description but do not include affected versions, specifics, exploit status, or patches. Monitor for updates.

CVE-2026-40611 Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider

Let's Encrypt client and ACME library written in Go Lego. Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to...

CVE-2026-40611 Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider

Let's Encrypt client and ACME library written in Go Lego. Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to...

CVE-2026-40611

Let's Encrypt client and ACME library written in Go Lego. Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to...

Lego 安全漏洞

Lego is an open-source library written in Go by go-acme. Versions of Lego before 4.34.0 have security vulnerabilities; these vulnerabilities stem from path traversal in the webroot HTTP-01 challenge provider, which could lead to arbitrary file writing and deletion...

ACME Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider

Summary The webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to write attacker-influenced content to any path writable by the lego...

GHSA-QQX8-2XMM-JRV8 ACME Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider

Summary The webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to write attacker-influenced content to any path writable by the lego...

PT-2026-33383

Name of the Vulnerable Software and Affected Versions Lego versions prior to 4.34.0 Description The webroot HTTP-01 challenge provider in Lego is subject to arbitrary file write and deletion via path traversal. A malicious ACME server can provide a crafted challenge token containing ../ sequences...

📄 Redaxo 5.20.1 Path Traversal

Redaxo versions 5.20.1 and below suffer from a path traversal vulnerability. CVE-2026-21857: Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read Overview | Field | Details | |---|---| | CVE ID | CVE-2026-21857 | | Severity | HIGH | | Advisory | View Advisory | | Discovered by...

Exploit for XML Injection (aka Blind XPath Injection) in Fonttools

CVE-2025-66034-htb-ctf VariaType Variable Font Generator Ex...

GHSA-6QCC-6Q27-WHP8 goshs: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)

Summary deleteFile missing return after path traversal check | httpserver/handler.go:645-671 The finding affects the default configuration, no flags or authentication required. Details File: httpserver/handler.go:645-671 Trigger: GET /?delete handler.go:157-160 dispatches to deleteFile The functi...

GHSA-G8MV-VP7J-QP64 goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload

Summary PUT upload has no path sanitization | httpserver/updown.go:20-69 This finding affects the default configuration, no flags or authentication required. Details File: httpserver/updown.go:20-69 Trigger: PUT / server.go:57-59 routes directly to put The handler uses req.URL.Path raw to build t...

goshs: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload

Summary PUT upload has no path sanitization | httpserver/updown.go:20-69 This finding affects the default configuration, no flags or authentication required. Details File: httpserver/updown.go:20-69 Trigger: PUT / server.go:57-59 routes directly to put The handler uses req.URL.Path raw to build t...

Exploit for Command Injection in Magnussolution Magnusbilling

CVE-2023-30258 — Magnus Billing v7 Command Injection PoC...

CVE-2026-27180

MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin method through the /objects/?module=saverestore endpoint without authentication because it uses gr'mode'...

CVE-2026-27180

CVE-2026-27180 — MajorDoMo supply chain RCE : Affected MajorDoMo allows unauthenticated remote code execution via a poisoned update URL. The saverestore admin endpoint at /objects/?module=saverestore is exposed because gr('mode') reads from $_REQUEST instead of the framework’s mode, enabling an a...

CVE-2026-27180 MajorDoMo Supply Chain Remote Code Execution via Update URL Poisoning

MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin method through the /objects/?module=saverestore endpoint without authentication because it uses gr'mode'...

Zimbra Collaboration - Local File Inclusion

Zimbra Collaboration ZCS 10.0 and 10.1 contain a local file inclusion caused by improper handling of user-supplied parameters in the RestFilter servlet, letting unauthenticated remote attackers include arbitrary files from WebRoot, exploit requires crafted requests to /h/rest endpoint. id:...

Zimbra Collaboration Server 10.0.x < 10.0.18, 10.1.x < 10.1.13 Local File Inclusion

A Local File Inclusion LFI vulnerability exists in the Webmail Classic UI of Zimbra Collaboration ZCS 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influenc...

Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory...