CVE-2026-42028

medium

Description

novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intended gallery root directory. This issue has been patched in version 2.1.1.

References

https://github.com/novafacile/novagallery/security/advisories/GHSA-wv5j-98c7-frm9

https://github.com/novafacile/novagallery/releases/tag/v2.1.1

https://github.com/novafacile/novagallery/commit/46fe7b0f79f429e18c8cff3f92360c4513732ba6

Details

Source: Mitre, NVD

Published: 2026-05-08

Updated: 2026-05-08

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00085