Description
novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intended gallery root directory. This issue has been patched in version 2.1.1.
Published: 2026-05-08
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a path traversal flaw in novaGallery, allowing unauthenticated users to craft image URLs that point to files outside the gallery root directory. By substituting directory traversal sequences in the album and cached image routes, an attacker can retrieve image files located elsewhere on the server. The disclosed data are limited to image files, potentially revealing sensitive visual content that may have been unintentionally exposed.

Affected Systems

Novafacile novagallery versions older than 2.1.1 are affected. The 2.1.1 release contains the fix that removes the vulnerable route handlers and validates requested paths against the gallery root.

Risk and Exploitability

The CVSS base score of 5.3 indicates a moderate risk. EPSS is not available, and the vulnerability is not listed in CISA's KEV catalog. The flaw can be exploited through unauthenticated HTTP requests to the album or cached image endpoints by supplying path traversal sequences; the attacker only gains read access to image files located outside the intended root, not arbitrary server files.

Generated by OpenCVE AI on May 8, 2026 at 20:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to novagallery version 2.1.1 or later to apply the vendor patch.
  • If an immediate update is not possible, configure the web server to reject requests that contain '..' in the path for the album and cached image routes.
  • Restrict filesystem permissions on the gallery root’s parent directories to deny read access, preventing traversal of files outside the intended directory.
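
The fix described above (validating every requested path against the gallery root rather than trusting the request string) can be illustrated with a small containment check. This is an added example, not novaGallery's own code: the gallery root path, the function name resolveGalleryFile() and the sample request strings are assumptions chosen for illustration.

```php
<?php
// Added example (not novaGallery's code). Resolve an album/image request against
// a fixed gallery root and refuse anything whose canonical path escapes that root.
// $galleryRoot and resolveGalleryFile() are illustrative assumptions.

function resolveGalleryFile(string $galleryRoot, string $requested): ?string
{
    // Canonicalise the root once; realpath() returns false if it does not exist.
    $root = realpath($galleryRoot);
    if ($root === false) {
        return null;
    }

    // NUL bytes and absolute paths never belong in a relative gallery path.
    if (strpos($requested, "\0") !== false || substr($requested, 0, 1) === '/') {
        return null;
    }

    // realpath() collapses '.', '..' and symlinks, so the containment check below
    // runs on the resolved path, not on the attacker-controlled input string.
    $candidate = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false) {
        return null; // does not exist: treat as not found
    }

    // The resolved path must start with root plus a separator, so that a sibling
    // such as "/var/www/gallery/albums2" is not accepted for root ".../albums".
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    // Serve only regular files with an image extension (allow-list, not deny-list).
    $ext = strtolower(pathinfo($candidate, PATHINFO_EXTENSION));
    if (!is_file($candidate) || !in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
        return null;
    }

    return $candidate;
}

// Constructed usage: a router would pass the album/image path segment here.
$root = '/var/www/gallery/albums'; // assumed gallery root
$requests = [
    'holiday/beach.jpg',              // inside root: served if it exists
    '../../../../etc/hostname',       // escapes root: rejected
    'holiday/../holiday/beach.jpg',   // contains '..' but resolves inside root: served
];
foreach ($requests as $req) {
    $file = resolveGalleryFile($root, $req);
    printf("%-32s => %s\n", $req, $file ?? 'rejected');
}
```

Note that the check is made on the canonical path rather than by searching the input for '..': a request such as holiday/../holiday/beach.jpg still resolves inside the root and is served, while anything that resolves to a sibling directory or a parent is refused regardless of how the traversal was spelled. The web-server rule in the second recommendation above is a useful stopgap, but the application-level containment check is what actually removes the flaw.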

Tracking

Advisories

No advisories yet.

History

Fri, 08 May 2026 17:30:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 08 May 2026 16:30:00 +0000

Type        | Values Removed | Values Added
Description |                | novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intended gallery root directory. This issue has been patched in version 2.1.1.
Title       |                | novaGallery: Unauthenticated Path Traversal in Album and Cached Image Routes Allows Reading Images Outside Gallery Root
Weaknesses  |                | CWE-22
References  |                |
Metrics     |                | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-08T17:05:04.239Z

Reserved: 2026-04-23T16:05:01.707Z

Link: CVE-2026-42028

Vulnrichment

Updated: 2026-05-08T17:04:59.767Z

NVD

Status : Received

Published: 2026-05-08T17:16:31.177

Modified: 2026-05-08T18:16:33.827

Link: CVE-2026-42028

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T20:45:16Z

Weaknesses