CVE-2026-55439
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk26th percentile — higher than 26% of all known CVEs
Summary
Halo is an open source website building tool. Prior to version 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem.
Risk Assessment
This vulnerability may lead to unauthorized access to sensitive data on the server, posing a serious security threat to the organization.
Recommendation
It is recommended to upgrade to version 2.24.3 or later to mitigate this vulnerability and ensure proper validation and sanitization of data in the endpoints.
Original NVD description (English source)
Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint (GET /apis/console.api.migration.halo.run/v1alpha1/backups/{name}/files/{filename}) in MigrationServiceImpl.download() resolves the backup filename via Path.resolve() without validating that the resolved path stays within the designated backups directory. Also, the Backup creation endpoint (POST /apis/migration.halo.run/v1alpha1/backups) does not sanitize the status fields during creation This vulnerability is fixed in 2.24.3.

