CVE-2026-24686 | theupdateframework go-tuf up to 2.4.0 Cache Directory /escaped-repo path traversal

Inserito da Angelo Barbosa | Gen 27, 2026 | CVE

A vulnerability was found in theupdateframework go-tuf up to 2.4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /escaped-repo of the component Cache Directory Handler. The manipulation results in path traversal.

This vulnerability is identified as CVE-2026-24686. The attack is only possible with local access. There is not any exploit available.

It is recommended to upgrade the affected component.

CVE-2026-24686 | theupdateframework go-tuf up to 2.4.0 Cache Directory /escaped-repo path traversal

Post correlati

CVE-2024-6656 | TNB Mobile Solutions Cockpit Software up to 2.12 hard-coded credentials

CVE-2023-52307 | Paddle up to 2.5.x buffer overflow (pdsa-2023-016)

CVE-2024-8294 | FeehiCMS up to 2.1.1 index.php update FriendlyLink[image] unrestricted upload

CVE-2024-3803 | Vesystem Cloud Desktop up to 20240408 fileupload.php file unrestricted upload