CVE-2026-24897P2HIGHCVSS 8.8PoCfixed in 0.2.152026-01-28
CVE-2026-24897 [HIGH] CWE-22 CVE-2026-24897: Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticat
Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares.
By specifying a writable path within the public web root, an attacker can upload and execute arbitrary
nvd