23 matches found
CVE-2026-48784
CVE-2026-48784 is a Symfony UrlGenerator issue in UrlGenerator::doGenerate() where strtr dot-segment encoding skipped every other chained ../ or ./ segments. This allowed attacker-controlled route parameters to generate URLs that collapse to a different path under RFC 3986 normalization. The vuln...
CVE-2026-13207
FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by...
CVE-2026-13207 Frangoteam FUXA SCADA/HMI Authentication Bypass by Spoofing
FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by...
CVE-2026-13207
The CVE refers to FUXA prior to 1.3.2 with an authentication bypass in the REST API caused by improper normalization of dot-segments in the router. Prefixing paths with dot-segments (e.g., /api/./users, /api/./roles, /api/project/../users) can bypass authentication and expose protected data such ...
CVE-2026-13207 Frangoteam FUXA SCADA/HMI Authentication Bypass by Spoofing
FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by...
PT-2026-53986
Name of the Vulnerable Software and Affected Versions FUXA versions prior to 1.3.2 Description An authentication bypass exists in the REST API due to improper dot-segment path normalization. The API router does not normalize dot-segment sequences before the authentication middleware is applied...
Symfony: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization
Description Symfony\Component\Routing\Generator\UrlGenerator::doGenerate percent-encodes . and .. path segments so that the generated URL still resolves to the originating route after RFC 3986 §5.2.4 dot-segment removal which strict RFC-3986 consumers — routers, reverse proxies, HTTP clients —...
PT-2026-48813
Name of the Vulnerable Software and Affected Versions WsgiDAV version 4.3.3 Description An issue exists in the FilesystemProvider. loc to file path function where the application fails to properly validate path boundaries when using a filesystem-backed share. The method uses...
CVE-2026-40912
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This authentication bypass vulnerability allows an unauthenticated attacker to access protected content. The flaw occurs when the StripPrefixRegex middleware is used with authentication mechanisms such as ForwardAuth, BasicAuth...
SUSE CVE-2026-40912
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...
CVE-2026-40912 Traefik: StripPrefixRegex auth bypass via Path/RawPath desync
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...
CVE-2026-40912
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...
GHSA-6JWX-7VP4-9847 Traefik has an StripPrefixRegex Middleware Authorization Bypass via Path/RawPath Desync
Summary There is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches the regex against the decoded URL path but uses the resulting byte length to slice the...
Zio has SubFileSystem Path Confinement Bypass via Unresolved `..` Segment
Summary SubFileSystem fails to confine operations to its declared sub path when the input path is /../ or equivalents /../, /..\. This path passes all validation but resolves to the root of the parent filesystem, allowing directory level operations outside the intended boundary. Affected Componen...
Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment
...
CVE-2026-35206 Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment
Helm is a package manager for Charts for Kubernetes. In Helm versions =3.20.1 and =4.1.3, a specially crafted Chart will cause helm pull --untar chart URL | repo/chartname to write the Chart's contents to the immediate output directory as defaulted to the current working directory; or as given by...
CVE-2026-32036 OpenClaw < 2026.2.26- Authentication Bypass via Encoded Dot-Segment Traversal in /api/channels
OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Attackers can craft alternate paths using encoded travers...
OpenClaw has gateway plugin auth bypass via encoded dot-segment traversal in protected /api/channels paths
Summary Gateway plugin route auth protection for /api/channels could be bypassed using encoded dot-segment traversal for example ..%2f in path variants that plugin handlers normalize. Affected Packages / Versions - Package: npm openclaw - Latest published vulnerable version: 2026.2.25 - Vulnerabl...
PT-2026-26417
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.26 Description The OpenClaw gateway plugin contains a path traversal issue that allows remote attackers to bypass route authentication checks. This is achieved by manipulating the /api/channels paths with...
cxf: reflected XSS in the services listing page
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting XSS attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploit...