2 matches found
CVE-2026-55677
creationtimestamp| type| source ---|---|--- 2026-06-26 18:24:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp7kwlsngg2x...
CVE-2026-55677
Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...