CVE Catalog

CVE-2026-42756

Critical
Published: Translated: NVD NIST

Summary

The 'Path Traversal' vulnerability in Ludwig You QuickWebP has an improper limitation of a pathname to a restricted directory, allowing unauthorized access to files. This issue affects QuickWebP versions from n/a through 3.2.7.

Risk Assessment

Organizations may be exposed to unauthorized access to sensitive files, potentially leading to data leaks or system compromise.

Recommendation

It is recommended to update to the latest version of QuickWebP to mitigate this vulnerability and conduct a security audit of the system.

Original NVD description (English source)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP &#8211; Compress / Optimize Images &amp; Convert WebP | SEO Friendly quickwebp allows Path Traversal.This issue affects QuickWebP &#8211; Compress / Optimize Images &amp; Convert WebP | SEO Friendly: from n/a through <= 3.2.7.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS