VYPR

Go modules package

github.com/labstack/echo/v5

pkg:golang/github.com/labstack/echo/v5

Vulnerabilities (1)

  • CVE-2026-25766Feb 19, 2026
    affected >= 5.0.0, < 5.0.3fixed 5.0.3

    Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s `middleware.Static` using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In `middleware/static.go`, the requested path