CVE-2026-42028
Published: Fri, 08 May 2026 17:16
Summary
novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intende
Details
novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intended gallery root directory. This issue has been patched in version 2.1.1.
Are YOU affected by CVE-2026-42028?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether CVE-2026-42028 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
References
- https://github.com/novafacile/novagallery/commit/46fe7b0f79f429e18c8cff3f92360c4513732ba6
- https://github.com/novafacile/novagallery/releases/tag/v2.1.1
- https://github.com/novafacile/novagallery/security/advisories/GHSA-wv5j-98c7-frm9
- https://github.com/novafacile/novagallery/security/advisories/GHSA-wv5j-98c7-frm9
StackPatch runs this match against YOUR installed packages every hour
Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.