CVE-2026-40611 | go-acme lego up to 4.33.x path traversal (GHSA-qqx8-2xmm-jrv8)

April 21, 2026 Yanac

A vulnerability described as critical has been identified in go-acme lego up to 4.33.x. The impacted element is an unknown function. Executing a manipulation can lead to path traversal.

This vulnerability is tracked as CVE-2026-40611. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More

CVE-2026-41192 | freescout-help-desk freescout up to 1.8.214 Attachment::deleteByIds attachments_all[] authorization (GHSA-cv36-2j23-x6g3)
CVE-2026-40608 | DayuanJiang next-ai-draw-io up to 0.4.14 POST allocation of resources (GHSA-9q7h-wgfw-p378 / EUVD-2026-24217)