Skip to main content

novaGallery EUVD-2026-28806

| CVE-2026-42028 MEDIUM
Path Traversal (CWE-22)
2026-05-08 GitHub_M
PHP Path Traversal
5.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch available
May 08, 2026 - 18:03 EUVD
Source Code Evidence Fetched
May 08, 2026 - 17:01 vuln.today
Analysis Generated
May 08, 2026 - 17:01 vuln.today
CVE Published
May 08, 2026 - 15:54 nvd
MEDIUM 5.3

DescriptionNVD

novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intended gallery root directory. This issue has been patched in version 2.1.1.

AnalysisAI

Path traversal vulnerability in novaGallery prior to version 2.1.1 allows unauthenticated remote attackers to read arbitrary image files outside the intended gallery root directory via crafted album or image parameters. The vulnerability has low real-world impact (confidentiality only, CVSS 5.3) but affects all unpatched installations since exploitation requires no authentication, user interaction, or special configuration. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-28806 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy