CVE-2026-28807 โ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')โฆ
๐จ CVE-2026-28807 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-deco
Path Traversal in wisp.serve_static allows arbitrary file read
cna.erlef.org
What This Means For You
- New vulnerability disclosed โ verify if your stack is exposed.
Related ATT&CK Techniques
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-28807 | Path Traversal | Software: gleam-wisp wisp, Versions: >= 2.1.1, < 2.2.1, Vulnerable Component: wisp.serve_static, Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability allowing arbitrary file read via percent-encoded path traversal due to sanitization running before percent-decoding. |
| CVE-2026-28807 | Information Disclosure | Software: gleam-wisp wisp, Versions: >= 2.1.1, < 2.2.1, Impact: Unauthenticated attacker can read any file readable by the application process (source code, configuration files, secrets, system files) via a single HTTP request exploiting a path traversal vulnerability in wisp.serve_static. |
Source & Attribution
| Source Platform | Telegram |
| Channel | CVE Notify |
| Channel ID | 1129491012 |
| Message ID | 158193 |
| Published | April 06, 2026 at 20:27 UTC |
| Original Link | https://cna.erlef.org/cves/CVE-2026-28807.html |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Found this interesting? Follow us on LinkedIn to stay ahead.
Share