Path Traversal in Ctfer-io Romeo
CVE-2026-32805
Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the `sanitizeArchivePath` function in `webserve…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.001 (25.6th percentile)
Affected products
- Ctfer-io Romeo — versions < 0.2.2
Weakness classification (CWE)
References
- https://github.com/ctfer-io/romeo/security/advisories/GHSA-p799-g7vv-f279 (x_refsource_CONFIRM)
- https://github.com/ctfer-io/romeo/commit/c2ebcfb9f305fd5f6ef68858de82507dbac10263 (x_refsource_MISC)