CNNVD-202602-584 Information

CNNVD ID

CNNVD-202602-584

Related CVE

CVE-2026-25161

• CNNVD Published: 2026-02-04

Description (Chinese)

AList是中国Xhofe个人开发者的一个支持多存储的文件列表程序。 AList 3.57.0之前版本存在路径遍历漏洞，该漏洞源于多个文件操作处理程序存在路径遍历漏洞，可能导致未经授权的文件操作。

Description (English)

Alist is a supporting multi-storey file list program for the Xhofe personal developer in China. Alist 3.570 has a loophole in the path, which stems from the fact that multiple file operations processors have loopholes that could lead to unauthorized document operations.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

个人开发者

Published

2026-02-04

Last Modified

2026-02-24

References

https://github.com/AlistGo/alist/commit/b188288525b9a35c76535139311e7c036dab057e https://github.com/AlistGo/alist/security/advisories/GHSA-x4q4-7phh-42j9

Patch

https://alistgo.com/