MEDIUM
Gohugo
CVE published 2026-05-12
CVE-2026-44301
CVE-2026-44301 is a medium-severity Hugo vulnerability affecting versions 0.43 through before 0.161.0. When Hugo builds sites that use Node-based asset pipelines such as PostCSS, Babel, or TailwindCSS, it could invoke those tools without restricting filesystem access. If an attacker can influence the site being built, code running through those tools may be able to read or write files outside the project’ [truncated]