Vulnerability in Gnu Wget
CVE-2026-15146
GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data conne…
CVSS v3 metric
CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.
Affected products
- Gnu Wget — versions 0
References
Frequently asked questions
- What is CVE-2026-15146?
- CVE-2026-15146 is a medium-severity vulnerability in Gnu Wget, classified under CWE-918 SERVER-SIDE REQUEST FORGERY (SSRF). CVSS score: 5.9/10. Published 2026-07-10.
- How severe is CVE-2026-15146?
- Medium severity. CVSS v3 base score is 5.9 out of 10.