CVE-2026-26187 | treeverse lakeFS up to 1.76.x Local Block Adapter adapter.go strings.HasPrefix path traversal (GHSA-699m-4v95-rmpm)

Inserito da Angelo Barbosa | Feb 13, 2026 | CVE

A vulnerability labeled as critical has been found in treeverse lakeFS up to 1.76.x. This affects the function strings.HasPrefix of the file pkg/block/local/adapter.go of the component Local Block Adapter. The manipulation results in path traversal.

This vulnerability is identified as CVE-2026-26187. The attack can be executed remotely. There is not any exploit available.

The affected component should be upgraded.

CVE-2026-26187 | treeverse lakeFS up to 1.76.x Local Block Adapter adapter.go strings.HasPrefix path traversal (GHSA-699m-4v95-rmpm)

Post correlati

CVE-2024-32147 | Form Plugin Easy Contact Form Lite Plugin up to 1.1.23 on WordPress cross site scripting

CVE-2024-52922 | Bitcoin Core up to 25.0 Block denial of service

CVE-2024-4731 | Campcodes Legal Case Management System 1.0 /admin/role slug cross site scripting

CVE-2024-27257 | IBM OpenPages 8.3/9.0 sensitive information in source