High severityNVD Advisory· Published Mar 11, 2026· Updated Apr 27, 2026

CVE-2026-3013

Description

Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow to read content of any file accessible by the the web server process.This issue was fixed in version 1.6.28.

Affected products

Coppermine Gallery/Cpg1.6.xreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert.pl/en/posts/2026/03/CVE-2026-3013nvd
github.com/coppermine-gallery/cpg1.6.x/releases/tag/v1.6.28nvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000