216.73.217.64

CVE-2026-22257

· Published 08/01/2026 19:16 · Modified 08/01/2026 19:16

Labels: CVE-2026-22257 2026-01-08CVE-2026-22257CWE-79[email protected]

Essential information

Published
08/01/2026 19:16
Modified
08/01/2026 19:16
Author
Creator
CVSS
8.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L

CVSS metrics

Description

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder without sanitizing the files or folders names, this may potentially lead to XSS in cases where a website allow the access to public files using this feature and anyone can upload a file. This issue has been patched in version 0.88.1.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
salvo / salvo cpe:2.3:a:salvo:salvo:<0.88.1:*:*:*:*:*:*:*

References