Go modules package
github.com/openlistteam/openlist/v4
pkg:golang/github.com/openlistteam/openlist/v4
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-25060 | — | < 4.1.10 | 4.1.10 | Feb 2, 2026 | OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communications. The TlsInsecureSkipVerify setting is default to true in the DefaultConfig() function in internal/conf/config.go. This vulnerab | ||
| CVE-2026-25059 | — | < 4.1.10 | 4.1.10 | Feb 2, 2026 | OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using |
- CVE-2026-25060Feb 2, 2026affected < 4.1.10fixed 4.1.10
OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communications. The TlsInsecureSkipVerify setting is default to true in the DefaultConfig() function in internal/conf/config.go. This vulnerab
- CVE-2026-25059Feb 2, 2026affected < 4.1.10fixed 4.1.10
OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using