CVE-2026-1858
- EPSS 0.01%
- Published 29.04.2026 20:15:50
- Last modified 05.05.2026 02:47:29
wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server auth...
CVE-2025-69195
- EPSS 0.16%
- Published 09.01.2026 07:57:17
- Last modified 05.03.2026 20:12:29
A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker ca...
CVE-2025-69194
- EPSS 0.04%
- Published 09.01.2026 07:53:48
- Last modified 05.03.2026 20:09:43
A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. An attacker can abuse this behavior to write files to unintended locations...