All 5 CVE vulnerabilities found in go-tuf, with AI-generated Chinese analysis, references, and POCs.
Vendor: theupdateframework

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-24686 | go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names | CWE-22 | 4.7 | Medium | 2026-01-27 |
| CVE-2026-23992 | go-tuf improperly validates the configured threshold for delegations | CWE-347 | 5.9 | Medium | 2026-01-22 |
| CVE-2026-23991 | go-tuf affected by client DoS via malformed server response | CWE-617 | 5.9 | Medium | 2026-01-22 |
| CVE-2024-47534 | Incorrect delegation lookups can make go-tuf download the wrong artifact | CWE-362 | - | - | 2024-10-01 |
| CVE-2022-29173 | No protection against rollback attacks in go-tuf | CWE-354 | 8.0 | High | 2022-05-05 |