Alist

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-25161 HIGH POC PATCH This Week

Path traversal in Alist prior to version 3.57.0 allows authenticated users to manipulate filename parameters and bypass directory restrictions within the same storage mount. Attackers can exploit this vulnerability to perform unauthorized file operations including deletion, movement, and copying across user boundaries. Public exploit code exists for this vulnerability.

Path Traversal Alist Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25160 CRITICAL POC PATCH Act Now

Alist file manager has an improper certificate validation vulnerability allowing MITM attacks that could compromise file operations and stored credentials.

Tls Alist Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-25161
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Path traversal in Alist prior to version 3.57.0 allows authenticated users to manipulate filename parameters and bypass directory restrictions within the same storage mount. Attackers can exploit this vulnerability to perform unauthorized file operations including deletion, movement, and copying across user boundaries. Public exploit code exists for this vulnerability.

Path Traversal Alist Suse
NVD GitHub
CVE-2026-25160
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Alist file manager has an improper certificate validation vulnerability allowing MITM attacks that could compromise file operations and stored credentials.

Tls Alist Suse
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy