PatchSiren

MiniGal CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM MiniGal CVE published 2026-02-11

CVE-2026-25869

CVE-2026-25869 is a path traversal vulnerability in MiniGal Nano versions 0.3.5 and prior. The vulnerability is located in the index.php file and is caused by the application's improper handling of user-controlled input to the photos directory. An attacker can exploit this behavior to cause the application to enumerate and display image files from unintended filesystem locations that are readable by the w [truncated]