CVE-2026-25161
HIGH8.8EPSS 0.03%Alist vulnerable to Path Traversal in multiple file operation handlers in github.com/alist-org/alist
發布日:2026/2/4修改日:2026/2/5
描述
Alist vulnerable to Path Traversal in multiple file operation handlers in github.com/alist-org/alist
受影響套件(3)
- Go/github.com/alist-org/alistfrom 0
- Go/github.com/alist-org/alist/v3from 0, < 3.57.0
- Go/github.com/alist-org/alist/v3from 0, < 3.57.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-25161
- PATCHhttps://github.com/AlistGo/alist
- WEBhttps://github.com/AlistGo/alist/blob/b4d9beb49cba399842a54fcc33bc95a4a09b7bd4/server/handles/fsbatch.go#L188-L189
- WEBhttps://github.com/AlistGo/alist/blob/b4d9beb49cba399842a54fcc33bc95a4a09b7bd4/server/handles/fsmanage.go#L165-L166
- WEBhttps://github.com/AlistGo/alist/commit/b188288525b9a35c76535139311e7c036dab057e
- WEBhttps://github.com/AlistGo/alist/security/advisories/GHSA-x4q4-7phh-42j9