VYPR

Wget2

by GNU

CVEs (3)

  • CVE-2026-1858 | Med | Apr 29, 2026
    risk 0.31 | cvss 4.8 | epss 0.00

    wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If an attacker compromises a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.

  • CVE-2025-69195 | Jan 9, 2026
    risk 0.00 | cvss | epss 0.00

    A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a…

  • CVE-2025-69194 | Jan 9, 2026
    risk 0.00 | cvss | epss 0.01

    A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead…