2 matches found
CVE-2026-25060
OpenList CVE-2026-25060: Insecure TLS default configuration (TlsInsecureSkipVerify = true) prior to version 4.1.10 exposes storage communications to MITM attacks. Documented across multiple sources (Red Hat, SUSE, GitHub advisory, OSV, NVD, etc.). Root cause is TLS certificate verification disabl...
CVE-2026-25059
OpenList Frontend contains a path traversal vulnerability (CWE-22) in multiple file operation handlers (server/handles/fsmanage.go) that was present before version 4.1.10. Filename components in req.Names are concatenated with validated directories via stdpath.Join, allowing ".." sequences to byp...