CVE-2026-25161 in alistالمعلومات

الملخص

بحسب MITRE • 04/02/2026

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal sequences into filename components, enabling unauthorised file removal, movement and copying across user boundaries within the same storage mount. This issue has been patched in version 3.57.0.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

29/01/2026

إفشاء

04/02/2026

الاعتدال

تمت الموافقة

إدخال

VDB-344414

CPE

جاهز

CWE

CWE-22 (مؤكد)

CVSS

8.8 (CNA)

EPSS

0.00030

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-25161
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-25161
CVE Details	https://www.cvedetails.com/cve/CVE-2026-25161/

التالي ▸نظرة عامة ◂ السابق

Interested in the pricing of exploits?

See the underground prices here!