Home / Vulnerability Intelligence / CVE-2026-30952

CVE-2026-30952 - Vulnerability Analysis

N/a

Last Updated: March 11, 2026

Liquidjs - Path Traversal

Published: March 10, 2026Updated: March 11, 2026PoC Available

Overview

Liquidjs < 10.25.0 contains a path traversal caused by layout, render, and include tags allowing arbitrary file access via absolute paths, letting attackers access arbitrary files, exploit requires control over template content or filepath variable.

Severity & Score

Severity: N/a

Impact

Attackers can access arbitrary files on the system, potentially exposing sensitive information or system files.

Mitigation

Update to version 10.25.0 or later.

References

https://github.com/harttle/liquidjs/commit/3cd024d652dc883c46307581e979fe32302adbac
https://github.com/harttle/liquidjs/pull/851
https://github.com/harttle/liquidjs/pull/855
https://github.com/harttle/liquidjs/security/advisories/GHSA-wmfp-5q7x-987x

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-30952
Severity: N/a
Type: path_traversal
Status: unconfirmed

CWE

CWE-22

CVSS Metrics

N/A