CVE-2026-22257

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-22257

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22257.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-22257

Aliases

GHSA-54m3-5fxr-2f3j

Published

2026-01-08T18:22:05.661Z

Modified

2026-01-13T20:10:06.625321Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L CVSS Calculator

Summary

Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names

Details

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder without sanitizing the files or folders names, this may potentially lead to XSS in cases where a website allow the access to public files using this feature and anyone can upload a file. This issue has been patched in version 0.88.1.

Database specific

{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22257.json",
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Git / github.com/salvo-rs/salvo

Affected ranges

Type

GIT

Repo

https://github.com/salvo-rs/salvo

Events

Introduced

Fixed

6d3cd29e80a583c07f73917991471290f5480315

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.88.1"
        }
    ]
}

Affected versions

v0.*

v0.18.3

v0.18.4

v0.19.0

v0.19.1

v0.20.0

v0.21.0

v0.21.1

v0.21.2

v0.21.3

v0.21.4

v0.21.5

v0.21.6

v0.21.7

v0.22.0

v0.22.1

v0.22.2

v0.23.0

v0.23.1

v0.23.2

v0.23.3

v0.24.0

v0.24.1

v0.24.2

v0.24.4

v0.25.0

v0.25.1

v0.26.0

v0.26.1

v0.27.0

v0.28.1

v0.28.2

v0.29.0

v0.29.1

v0.30.0

v0.31.0

v0.31.1

v0.32.0

v0.33.1

v0.33.2

v0.34.2

v0.34.3

v0.35.1

v0.35.2

v0.36.0

v0.37.0

v0.37.1

v0.37.2

v0.37.3

v0.37.4

v0.41.1

v0.42.0

v0.42.1

v0.43.0

v0.44.0

v0.44.1

v0.45.0

v0.46.0

v0.47.0

v0.48.0

v0.48.1

v0.48.2

v0.49.0

v0.49.1

v0.50.1

v0.50.2

v0.50.3

v0.50.4

v0.50.5

v0.51.0

v0.52.0

v0.52.1

v0.53.0

v0.54.0

v0.54.1

v0.54.3

v0.55.0

v0.55.1

v0.55.2

v0.55.3

v0.55.4

v0.55.5

v0.56.0

v0.57.0

v0.58.0

v0.58.1

v0.58.2

v0.58.3

v0.58.4

v0.58.5

v0.59.0

v0.59.1

v0.60.0

v0.61.0

v0.63.0

v0.63.1

v0.64.0

v0.64.1

v0.64.2

v0.65.0

v0.65.1

v0.65.2

v0.66.1

v0.66.2

v0.67.0

v0.67.1

v0.67.2

v0.68.0

v0.68.1

v0.68.2

v0.68.3

v0.68.4

v0.68.5

v0.69.0

v0.70.0

v0.71.0

v0.71.1

v0.72.0

v0.72.1

v0.72.2

v0.72.3

v0.72.4

v0.73.0

v0.74.0

v0.74.1

v0.74.2

v0.74.3

v0.75.0

v0.76.0

v0.76.1

v0.76.2

v0.77.0

v0.77.1

v0.78.0

v0.79.0

v0.80.0

v0.81.0

v0.82.0

v0.83.0

v0.84.0

v0.84.1

v0.84.2

v0.85.0

v0.86.0

v0.87.0

v0.87.1

v0.88.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22257.json"