Treeverse Lakefs
5 CVEs affecting Treeverse Lakefs. Latest disclosed: 2026-02-13. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-26187 | High | 8.1 | 2026-02-13 | lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter (pkg/block/local/adapter.go… |
CVE-2025-68671 | Medium | 6.5 | 2026-01-15 | lakeFS is an open-source tool that transforms object storage into a Git-like repositories. LakeFS's S3 gateway does not validate timestamps in authenticated re… |
CVE-2025-27100 | Medium | 6.5 | 2025-02-21 | lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by ex… |
CVE-2024-43784 | Medium | 5.7 | 2024-11-26 | lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have be… |
CVE-2025-64179 | Medium | 5.3 | 2025-11-06 | lakeFS is an open-source tool that transforms object storage into a Git-like repositories. In versions 1.69.0 and below, missing authentication in the /api/v1/… |