9 matches found

Veracode
added 2026/05/16 5:32 a.m., 4 views

Arbitrary File Write And Deletion

github.com/go-acme/lego is vulnerable to arbitrary file write and deletion. The vulnerability is due to improper validation of the HTTP-01 challenge token in the webroot challenge provider, which allows a malicious ACME server to supply crafted ../ path traversal sequences and write or delete fil...

CVSS 8.8 | AI score 6.1 | EPSS 0.0034
Exploits: 0 | References: 7 | Affected Software: 3

RedhatCVE
added 2026/04/24 2:48 p.m., 6 views

CVE-2026-40611

A flaw was found in lego, the Let's Encrypt client and ACME library written in Go. A malicious ACME (Automated Certificate Management Environment) server can exploit a path traversal vulnerability in the webroot HTTP-01 challenge provider. By supplying a specially crafted challenge token containing...

CVSS 8.8 | AI score 5.6 | EPSS 0.0034
Exploits: 0 | References: 4

Snyk
added 2026/04/21 7:17 p.m., 6 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the Webroot HTTP-01 challenge provider. An attacker can write arbitrary files to the filesystem by supplying crafted challenge tokens containing directory traversal sequences. Details: A Directory Traversal attack...

CVSS 8.8 | AI score 6.5 | EPSS 0.0034
Exploits: 0 | References: 2

Snyk
added 2026/04/21 7:17 p.m., 5 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the Webroot HTTP-01 challenge provider. An attacker can write arbitrary files to the filesystem by supplying crafted challenge tokens containing directory traversal sequences. Details: A Directory Traversal attack...

CVSS 8.8 | AI score 6.5 | EPSS 0.0034
Exploits: 0 | References: 2

OSV
added 2026/04/21 6:16 p.m., 4 views

DEBIAN-CVE-2026-40611

Let's Encrypt client and ACME library written in Go (Lego). Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to...

CVSS 8.8 | AI score 5.6 | EPSS 0.0034
Exploits: 0 | References: 1

NVD
added 2026/04/21 6:16 p.m., 4 views

CVE-2026-40611

Let's Encrypt client and ACME library written in Go (Lego). Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to...

CVSS 8.8 | EPSS 0.0034
Exploits: 0 | References: 5

Vulnrichment
added 2026/04/21 5:58 p.m., 4 views

CVE-2026-40611 Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider

Let's Encrypt client and ACME library written in Go (Lego). Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to...

CVSS 8.8 | AI score 5.9 | EPSS 0.0034
Exploits: 0 | References: 1

CVE
added 2026/04/21 5:58 p.m., 15 views

CVE-2026-40611

Technical details about CVE-2026-40611 are not publicly available in the provided documents; these sources confirm the vulnerability description but do not include affected versions, specifics, exploit status, or patches. Monitor for updates.

CVSS 8.8 | AI score 5.9 | EPSS 0.0034
Exploits: 0 | References: 5

Debian CVE
added 2026/04/21 5:58 p.m., 3 views

CVE-2026-40611

Let's Encrypt client and ACME library written in Go (Lego). Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to...

CVSS 8.8 | AI score 5.5 | EPSS 0.0034
Exploits: 0