CVE-2026-53779 – WebP Server Go < 0.15.0 Path Traversal via Backslash Encoding on Windows

​CVE ID :CVE-2026-53779

Published : June 22, 2026, 6:22 p.m. | 55 minutes ago

Description :WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMG_PATH directory by sending requests with percent-encoded backslashes (%5C) that bypass the path.Clean() sanitization in handler/router.go. Attackers can exploit the discrepancy between Go’s forward-slash-only path normalization and Windows file system APIs that treat backslashes and forward slashes as equivalent to access arbitrary files on the host filesystem accessible to the server process.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… To Read More Visit Read More