All 7 CVE vulnerabilities found in algernon, with AI-generated Chinese analysis, references, and POCs.
Vendor: xyproto

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-48126 | Algernon: Host header path traversal in `--domain` mode reads files and runs Lua from parent dir | CWE-22 | 8.2 | High | 2026-05-26 |
| CVE-2026-46431 | Algernon: Auto-refresh SSE event server sets `Access-Control-Allow-Origin: *` | CWE-942 | 4.3 | Medium | 2026-05-26 |
| CVE-2026-46430 | Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS | CWE-668 | 4.3 | Medium | 2026-05-26 |
| CVE-2026-45728 | Algernon: Single-file mode unconditionally enables debug mode | CWE-209 | 7.5 | High | 2026-05-26 |
| CVE-2026-45721 | Algernon: `handler.lua` discovery walks parent directories above the server root | CWE-20 | 9.0 | Critical | 2026-05-26 |
| CVE-2026-43981 | Algernon: Race Condition in `handle()` shared `LState` | CWE-362 | - | - | 2026-05-26 |
| CVE-2026-43982 | Algernon: Path traversal file write via `savein()` | CWE-22 | - | - | 2026-05-26 |