CNNVD-202602-585 Information

CNNVD ID

CNNVD-202602-585

Related CVE

CVE-2026-25160

• CNNVD Published: 2026-02-04

Description (Chinese)

AList是中国Xhofe个人开发者的一个支持多存储的文件列表程序。 Alist 3.57.0之前版本存在信任管理问题漏洞，该漏洞源于默认禁用TLS证书验证，可能导致中间人攻击和数据泄露。

Description (English)

Alist is a supporting multi-storey file list program for the Xhofe personal developer in China. The previous version of Alist 3.570 had a confidence management gap, which stemmed from the default ban on TLS certification, which could lead to attacks by intermediaries and data disclosure.

Hazard Level

High

Vulnerability Type

信任管理问题

Affected Vendor

个人开发者

Published

2026-02-04

Last Modified

2026-02-24

References

https://github.com/AlistGo/alist/commit/69629ca76a8f2c8c973ede3b616f93aa26ff23fb https://github.com/AlistGo/alist/security/advisories/GHSA-8jmm-3xwx-w974

Patch

https://alistgo.com/