203 matches found
GO-2026-5380 Hugo: Symlink confinement bypass in resources.Get in github.com/gohugoio/hugo
Hugo: Symlink confinement bypass in resources.Get in github.com/gohugoio/hugo...
CVE-2026-57571
Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confinement. A filename containing an absolute path or travers...
CVE-2026-50135 Hugo: Symlink confinement bypass in resources.Get
Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...
CVE-2026-50135
Summary: Hugo up to v0.161.1 is affected by a symlink confinement bypass in the virtual filesystem used by Hugo’s resources.Get. Root cause: A regression in RootMappingFs.statRoot caused it to call Stat (which follows symlinks) instead of Lstat, allowing a symlink inside a mounted directory (e.g....
CVE-2026-58403 Hugo symlink confinement bypass in os.ReadFile
Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...
CVE-2026-58403
Hugo (static site generator) vulnerable from v0.123.0 through v0.163.0. A regression in RootMappingFs.statRoot caused it to call Stat (which follows symlinks) instead of Lstat, enabling os.ReadFile on a symlink to read the target file outside the mount. This could let a symlink inside a theme or ...
GHSA-H64P-8H4R-6GFH SFTPGo has path confinement bypass in public browsable share partial ZIP download
Summary The public web-client endpoint for partial ZIP downloads of a browsable share did not correctly confine the client-supplied files entries to the shared directory. A requester able to reach a public share could read files located outside the shared directory, as long as the target's...
GHSA-72R4-9C5J-MJ57 pnpm: `patch-remove` could delete project-selected files outside the patches directory
Summary The patch-remove deletion-scope issue tracked as GHSA-72r4-9c5j-mj57 / CAND-PNPM-030 has been addressed in pnpm. A crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This patch validates the...
CVE-2026-55443
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...
CVE-2026-55443 LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...
CVE-2026-55443
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...
EUVD-2026-38332
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...
CVE-2026-55443 LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via the os.ReadFile function during direct lookups via resources.Get. An attacker can access arbitrary files outside the intended directory by placing a symlink inside a mounted directory that points to files outside the...
GHSA-XG3J-C7Q4-F9PH Canonical MicroCeph: path traversal issue in the remote-import AP
Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...
GHSA-FJV8-J4P5-CR9M Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape
Summary A sandbox volume reference volumeId, which may also be a volume name was forwarded to the runner and used to build the host bind-mount source path without confinement. A reference containing path-traversal sequences could in principle resolve the mount source outside the intended per-volu...
PT-2026-50824
Name of the Vulnerable Software and Affected Versions Daytona versions prior to 0.186 Description A sandbox volume reference volumeId which may also be a volume name was forwarded to the runner and used to build the host bind-mount source path without confinement. A reference containing...
PT-2026-50823
Name of the Vulnerable Software and Affected Versions armeria-xds versions 1.38.0 through 1.39.0 Description DataSourceStream in the xDS module resolves filename and environment variable fields from SDS Secret resources without an allow-list or base-directory confinement. This allows a compromise...
GHSA-FW87-FV5R-9FPW Hugo: Symlink confinement bypass in resources.Get
Commit: f8b5fa09a6 — Fix prevention of direct symlink reads in resources.Get Affected versions: v0.123.0 through v0.161.1. Earlier versions are not affected. Fixed in: v0.162.0. Severity: Medium. Requires the attacker to be able to place or convince a site author to place a symlink inside a mount...
Hugo: Symlink confinement bypass in resources.Get
Commit: f8b5fa09a6 — Fix prevention of direct symlink reads in resources.Get Affected versions: v0.123.0 through v0.161.1. Earlier versions are not affected. Fixed in: v0.162.0. Severity: Medium. Requires the attacker to be able to place or convince a site author to place a symlink inside a mount...