ByteOS Network

NVD Vulnerability Details :

CVE-2026-42028

Received

Source-security-advisories@github.com

Published At-08 May, 2026 | 17:16

Updated At-08 May, 2026 | 18:16

novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intended gallery root directory. This issue has been patched in version 2.1.1.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-22	Secondary	security-advisories@github.com

CWE ID: CWE-22

Type: Secondary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/novafacile/novagallery/commit/46fe7b0f79f429e18c8cff3f92360c4513732ba6	security-advisories@github.com	N/A
https://github.com/novafacile/novagallery/releases/tag/v2.1.1	security-advisories@github.com	N/A
https://github.com/novafacile/novagallery/security/advisories/GHSA-wv5j-98c7-frm9	security-advisories@github.com	N/A
https://github.com/novafacile/novagallery/security/advisories/GHSA-wv5j-98c7-frm9	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A