Is PHP affected by CVE-2026-25869?

MiniGal Nano gallery software versions 0.3.5 and earlier contain a path traversal vulnerability that could allow attackers to access unauthorized files on affected servers.

CVE-2026-25869

HIGH

2026-02-11 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 11, 2026 - 16:16 nvd

HIGH 7.5

Description

MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted directory patterns. An attacker can exploit this behavior to cause the application to enumerate and display image files from unintended filesystem locations that are readable by the web server, resulting in unintended information disclosure.

Analysis

MiniGal Nano 0.3.5 and earlier are vulnerable to a path traversal attack in the dir parameter that bypasses insufficient dot-dot sequence filtering, allowing unauthenticated remote attackers to access and enumerate image files from arbitrary filesystem locations readable by the web server. This results in confidential information disclosure from unintended directories. …

Remediation

Within 24 hours: Inventory all systems running MiniGal Nano and identify affected versions. Within 7 days: Implement compensating controls (WAF rules blocking directory traversal patterns in the 'dir' parameter, restrict index.php access via network segmentation). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: 0

CVE-2026-25869 vulnerability details – vuln.today

Back

CVE-2026-25869

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-25869

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code