{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-27T10:14:20.951","vulnerabilities":[{"cve":{"id":"CVE-2026-28679","sourceIdentifier":"security-advisories@github.com","published":"2026-03-06T05:16:36.977","lastModified":"2026-06-17T10:28:53.683","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0, when a user requests a download, the application does not verify whether the requested file is located within the media source directory, which can result in sensitive system files being downloadable as well. This issue has been patched in version 1.21.0."},{"lang":"es","value":"Home-Gallery.org es una galería web de código abierto autoalojada para explorar fotos y videos personales. Antes de la versión 1.21.0, cuando un usuario solicita una descarga, la aplicación no verifica si el archivo solicitado se encuentra dentro del directorio de origen de medios, lo que puede resultar en que archivos sensibles del sistema también sean descargables. Este problema ha sido parcheado en la versión 1.21.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"xemle","product":"home-gallery","versions":[{"version":"< 1.21.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-06T16:00:10.011713Z","id":"CVE-2026-28679","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:home-gallery:homegallery:*:*:*:*:*:*:*:*","versionEndExcluding":"1.21.0","matchCriteriaId":"BF833E3A-4AA0-42A2-82D3-A3DB202EF43B"}]}]}],"references":[{"url":"https://github.com/xemle/home-gallery/releases/tag/v1.21.0","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/xemle/home-gallery/security/advisories/GHSA-xj65-hcj5-h6j3","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}