CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

RedhatCVE•added 2026/04/24 2:48 p.m.•6 views

CVE-2026-40611

A flaw was found in lego, the Let's Encrypt client and ACME library written in Go. A malicious ACME Automated Certificate Management Environment server can exploit a path traversal vulnerability in the webroot HTTP-01 challenge provider. By supplying a specially crafted challenge token containing...

8.8CVSS5.6AI score0.00309EPSS

Exploits0References4

Snyk•added 2026/04/21 7:17 p.m.•5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the Webroot HTTP-01 challenge provider. An attacker can write arbitrary files to the filesystem by supplying crafted challenge tokens containing directory traversal sequences. Details A Directory Traversal attack...

8.8CVSS6.5AI score0.00309EPSS

Exploits0References2

Snyk•added 2026/04/21 7:17 p.m.•6 views

Directory Traversal

8.8CVSS6.5AI score0.00309EPSS

Exploits0References2

OSV•added 2026/04/21 6:16 p.m.•3 views

DEBIAN-CVE-2026-40611

Let's Encrypt client and ACME library written in Go Lego. Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to...

8.8CVSS5.6AI score0.00309EPSS

Exploits0References1

NVD•added 2026/04/21 6:16 p.m.•3 views

CVE-2026-40611

8.8CVSS0.00309EPSS

Exploits0References5

CVE•added 2026/04/21 5:58 p.m.•11 views

CVE-2026-40611

Technical details about CVE-2026-40611 are not publicly available in the provided documents; these sources confirm the vulnerability description but do not include affected versions, specifics, exploit status, or patches. Monitor for updates.

8.8CVSS5.9AI score0.00309EPSS

Exploits0References5