CVE-2026-33242 - Vulnerability Analysis
High | CVSS: 7.5 | Last Updated: March 24, 2026
Salvo - Path Traversal & Broken Access Control
Overview
Salvo 0.39.0 through 0.89.2 contains a path traversal and access control bypass caused by improper normalization of "../" sequences in the encode_url_path function in salvo-proxy. The flaw lets unauthenticated external attackers access unintended backend paths. Exploitation requires a crafted URL containing path traversal sequences.
Impact
Unauthenticated attackers can bypass proxy routing and access protected backend paths, potentially exposing sensitive data or administrative interfaces.
Mitigation
Upgrade to version 0.89.3 or later.
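A defence-in-depth check that a proxy handler can apply to the path remainder before forwarding it upstream, shown as an added example: it is not Salvo's code or its patch, and the names `percent_decode` and `checked_rest` are hypothetical. It refuses any remainder that contains a "." or ".." segment in literal, percent-encoded or double-encoded form.

```rust
// Added example: not Salvo's code. Function names are hypothetical.

fn hex(b: u8) -> Option<u8> {
    (b as char).to_digit(16).map(|d| d as u8)
}

/// Percent-decode one layer; malformed escapes are copied through unchanged.
fn percent_decode(b: &[u8]) -> Vec<u8> {
    let mut out = Vec::with_capacity(b.len());
    let mut i = 0;
    while i < b.len() {
        if b[i] == b'%' && i + 2 < b.len() {
            if let (Some(h), Some(l)) = (hex(b[i + 1]), hex(b[i + 2])) {
                out.push(h * 16 + l);
                i += 3;
                continue;
            }
        }
        out.push(b[i]);
        i += 1;
    }
    out
}

/// Returns the remainder unchanged when it is safe to append to the upstream
/// base path, or None when any decoding layer exposes a dot-segment.
pub fn checked_rest(rest: &str) -> Option<&str> {
    let mut cur = rest.as_bytes().to_vec();
    for _ in 0..3 {
        // Backslash is treated as a separator too, since some backends accept it.
        let dot_segment = cur
            .split(|&c| c == b'/' || c == b'\\')
            .any(|seg| seg == b"." || seg == b"..");
        if dot_segment {
            return None;
        }
        let next = percent_decode(&cur);
        if next == cur {
            return Some(rest); // fully decoded and no dot-segment seen
        }
        cur = next;
    }
    None // still changing after three layers: refuse rather than guess
}

fn main() {
    for rest in ["api/v1/users", "a/%2e%2e/admin"] { // constructed samples
        println!("{rest:?} -> {:?}", checked_rest(rest));
    }
}
```

This does not replace the upgrade to 0.89.3 or later; it only limits what reaches the backend if normalization is wrong somewhere in the chain.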
Social Media Activity (2 posts)
CVE-2026-33242 - High (7.5) Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constra... https://www.thehackerwire.com/vulnerability/CVE-2026-33242/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-33242
- Severity: High
- CVSS Score: 7.5
- Type: path_traversal
- Status: confirmed
- EPSS: 1.9%
- Social Posts: 2
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N