High severity8.1NVD Advisory· Published Sep 26, 2016· Updated May 6, 2026

CVE-2016-7098

Description

Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.gnu.org/archive/html/bug-wget/2016-08/msg00083.htmlnvdExploitMailing List
lists.opensuse.org/opensuse-updates/2016-09/msg00044.htmlnvdThird Party Advisory
lists.gnu.org/archive/html/bug-wget/2016-08/msg00134.htmlnvdMailing List
www.openwall.com/lists/oss-security/2016/08/27/2nvdMailing List
lists.opensuse.org/opensuse-updates/2017-01/msg00007.htmlnvd
www.securityfocus.com/bid/93157nvd
lists.debian.org/debian-lts-announce/2020/01/msg00031.htmlnvd
www.exploit-db.com/exploits/40824/nvd

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.005
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000