CVE-2026-32805

CVE-2026-32805 corresponds to an Archive Slip flaw in Romeo’s webserver sanitization (github.com/ctfer-io/romeo/webserver). The root cause is a missing trailing path separator in the strings.HasPrefix check within sanitizeArchivePath, enabling a crafted tar to traverse outside the intended destin...

CVE-2026-32805

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the sanitizeArchivePath function in webserver/api/v1/decoder.go lines 80-88 is vulnerable to a path...

CVE-2026-32737

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod...

Romeo 路径遍历漏洞

Romeo is an open-source Go application code coverage calculation tool developed by CTFer.io. Versions of Romeo prior to 0.2.2 contained a path traversal vulnerability. This vulnerability stemmed from defects in the path traversal checks, which could lead to arbitrary file writing...