Skip to main content

Wget2

3 CVEs product

Monthly

CVE-2026-1858 MEDIUM PATCH This Month

GNU wget2 incorrectly validates TLS server certificates, accepting certificates with improper Key Usage (KU) or Extended Key Usage (EKU) attributes. This allows attackers who have compromised certificates issued for non-server purposes to impersonate legitimate servers in TLS connections, enabling man-in-the-middle attacks that leak sensitive information such as authentication credentials or request/response data.

Information Disclosure Wget2
NVD VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-69195 HIGH PATCH This Week

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. [CVSS 7.6 HIGH]

Buffer Overflow Stack Overflow Memory Corruption Denial Of Service Wget2 +2
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-69194 HIGH PATCH This Week

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. [CVSS 8.8 HIGH]

Path Traversal Wget2 Red Hat Suse
NVD
CVSS 3.1
8.8
EPSS
0.0%
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

GNU wget2 incorrectly validates TLS server certificates, accepting certificates with improper Key Usage (KU) or Extended Key Usage (EKU) attributes. This allows attackers who have compromised certificates issued for non-server purposes to impersonate legitimate servers in TLS connections, enabling man-in-the-middle attacks that leak sensitive information such as authentication credentials or request/response data.

Information Disclosure Wget2
NVD VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. [CVSS 7.6 HIGH]

Buffer Overflow Stack Overflow Memory Corruption +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. [CVSS 8.8 HIGH]

Path Traversal Wget2 Red Hat +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy