CVE-2026-28679 - Vulnerability Analysis
HighCVSS: 8.6Last Updated: March 9, 2026
Home-Gallery.org - Path Traversal
Overview
Home-Gallery.org < 1.21.0 contains a path traversal vulnerability caused by lack of verification of requested file location in the media source directory, letting attackers download sensitive system files, exploit requires crafted download request.
Severity & Score
Impact
Attackers can download sensitive system files, potentially exposing confidential information.
Mitigation
Update to version 1.21.0 or later.
References
Social Media Activity(2 posts)
š CVE-2026-28679 - High (8.6) Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0, when a user requests a download, the application does not verify whether the requested file is located within the media source... š https://www.thehackerwire.com/vulnerability/CVE-2026-28679/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postš CVE-2026-28679 - High (8.6) Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0, when a user requests a download, the application does not verify whether the requested file is located within the media source... š https://www.thehackerwire.com/vulnerability/CVE-2026-28679/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-28679
- Severity
- High
- CVSS Score
- 8.6
- Type
- path_traversal
- Status
- unconfirmed
- EPSS
- 4.3%
- Social Posts
- 2
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N