Unrated severityNVD Advisory· Published Mar 6, 2026· Updated Mar 6, 2026

HomeGallery: Path Traversal (Arbitrary File Read)

CVE-2026-28679

Description

Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0, when a user requests a download, the application does not verify whether the requested file is located within the media source directory, which can result in sensitive system files being downloadable as well. This issue has been patched in version 1.21.0.

Affected products

Xemle/Home Galleryllm-fuzzy
Range: <1.21.0
xemle/home-galleryv5
Range: < 1.21.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/xemle/home-gallery/releases/tag/v1.21.0mitrex_refsource_MISC
github.com/xemle/home-gallery/security/advisories/GHSA-xj65-hcj5-h6j3mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000