Labstack Echo
4 CVEs affecting Labstack Echo. Latest disclosed: 2026-06-26. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-40083 | Critical | 9.6 | 2022-09-28 | Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attacker… |
CVE-2026-55677 | High | 7.5 | 2026-06-26 | Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the… |
CVE-2026-25766 | Medium | 5.3 | 2026-02-19 | Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s `middleware.Static` using the default filesystem allows path traversal via backs… |
CVE-2020-36565 | Medium | 5.3 | 2022-12-07 | Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of th… |