http-api-problem (>=0.50.0 <=0.50.2) potentially affected by CVE-2026-22256 via salvo (>=0.10.4 <=0.11.6)

salvo CARGO version =0.10.4, =0.50.0, =0.50.2 Source cves: CVE-2026-22256 Source advisory: OSV:GHSA-RJF8-2WCW-F6MP...

EUVD-2026-1423

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generates a file view of a folder without sanitizing the files or folders names, this may potentially lead to XSS in cases where a website allow the access to public files using this feature and anyone can uploa...