Medium severity5.8NVD Advisory· Published Jun 5, 2025· Updated Apr 15, 2026

CVE-2025-49466

Description

aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

No linked articles in our index yet.