CVE Catalog

CVE-2026-55439

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

26th percentile — higher than 26% of all known CVEs

Summary

Halo is an open source website building tool. Prior to version 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem.

Risk Assessment

This vulnerability may lead to unauthorized access to sensitive data on the server, posing a serious security threat to the organization.

Recommendation

It is recommended to upgrade to version 2.24.3 or later to mitigate this vulnerability and ensure proper validation and sanitization of data in the endpoints.

Original NVD description (English source)

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint (GET /apis/console.api.migration.halo.run/v1alpha1/backups/{name}/files/{filename}) in MigrationServiceImpl.download() resolves the backup filename via Path.resolve() without validating that the resolved path stays within the designated backups directory. Also, the Backup creation endpoint (POST /apis/migration.halo.run/v1alpha1/backups) does not sanitize the status fields during creation This vulnerability is fixed in 2.24.3.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS