CVE-2026-58403 | gohugoio Hugo up to 0.163.0 Virtual Filesystem fs/rootmappingfs.go statRoot somefile symlink
A vulnerability described as problematic has been identified in gohugoio Hugo up to 0.163.0. The affected element is the function statRoot of the file fs/rootmappingfs.go of the component Virtual Filesystem. Such manipulation of the argument somefile leads to symlink following.
This vulnerability is traded as CVE-2026-58403. An attack has to be approached locally. There is no exploit available.VulDB Recent EntriesRead More