2 matches found
CVE-2026-6968 Multiple Path Traversal Variants in awslabs/tough
Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copytarget/linktarget, symlinked parent directories in savetarget, or symlinked...
PT-2026-35081
Name of the Vulnerable Software and Affected Versions awslabs/tough versions prior to 0.22.0 Description Incomplete path traversal fixes allow remote authenticated users with delegated signing authority to write files outside intended output directories. This occurs because write paths trust the...