HIGH
webp-sh
CVE published 2026-06-22
CVE-2026-53779
CVE-2026-53779 is a path traversal vulnerability in WebP Server Go through 0.14.4 on Windows. The vulnerability allows unauthenticated attackers to read files outside the configured IMG_PATH directory by sending requests with percent-encoded backslashes (%5C) that bypass the path.Clean() sanitization in handler/router.go. This discrepancy between Go's forward-slash-only path normalization and Windows file [truncated]