Go modules package
github.com/labstack/echo/v5
pkg:golang/github.com/labstack/echo/v5
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-25766 | — | >= 5.0.0, < 5.0.3 | 5.0.3 | Feb 19, 2026 | Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s `middleware.Static` using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In `middleware/static.go`, the requested path |
- CVE-2026-25766Feb 19, 2026affected >= 5.0.0, < 5.0.3fixed 5.0.3
Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s `middleware.Static` using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In `middleware/static.go`, the requested path