3 matches found
Path Traversal
Hugo is vulnerable to Path Traversal. The vulnerability is due to unrestricted execution of Node-based asset pipeline tools such as PostCSS, Babel, and TailwindCSS during site builds, allowing code from untrusted sites to read or write files outside the project's working directory when processed ...
Linux Distros Unpatched Vulnerability : CVE-2026-44301
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node- based asset pipelines PostCSS, Babel, TailwindCSS, Hugo...
CVE-2026-44301
Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...