CVE-2026-42756
CriticalSummary
The 'Path Traversal' vulnerability in Ludwig You QuickWebP has an improper limitation of a pathname to a restricted directory, allowing unauthorized access to files. This issue affects QuickWebP versions from n/a through 3.2.7.
Risk Assessment
Organizations may be exposed to unauthorized access to sensitive files, potentially leading to data leaks or system compromise.
Recommendation
It is recommended to update to the latest version of QuickWebP to mitigate this vulnerability and conduct a security audit of the system.
Original NVD description (English source)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allows Path Traversal.This issue affects QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly: from n/a through <= 3.2.7.

