SUSE CVE-2026-40611

Let's Encrypt client and ACME library written in Go Lego. Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to...

CVE-2026-40611

Let's Encrypt client and ACME library written in Go Lego. Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to...

CVE-2026-40611

Let's Encrypt client and ACME library written in Go Lego. Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to...

CVE-2025-54799

Let's Encrypt client and ACME library written in Go Lego. In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package thus the lego library and the lego cli as well don't enforce HTTPS when talking to CAs as an ACME client. Unlike the http-01 challenge which solves an ACME...

Fedora: Security Advisory for golang-github-acme-lego (FEDORA-2022-5ef0bd9a27)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for golang-github-acme-lego (FEDORA-2022-08ae2dd481)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: golang-github-acme-lego-4.4.0-4.fc36

Let's Encrypt client and ACME library written in Go...

ai.h2o:h2o-clustering (>=3.32.1.1 <=3.44.0.2), ai.h2o:h2o-k8s (>=3.30.0.2 <=3.44.0.2) +3 more potentially affected by CVE-2020-13697 via org.nanohttpd:nanohttpd-nanolets (=2.3.1)

org.nanohttpd:nanohttpd-nanolets MAVEN version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.nanohttpd:nanohttpd-nanolets and may be impacted: - ai.h2o:h2o-clustering =3.32.1.1, =3.30.0.2, =3.34.0.3, =0.3.0, =2.0, =2.5 Source cves:...