CVE-2026-25869

UNKNOWN 0.0

MiniGal Nano <= 0.3.5 Path Traversal via dir Parameter

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted directory patterns. An attacker can exploit this behavior to cause the application to enumerate and display image files from unintended filesystem locations that are readable by the web server, resulting in unintended information disclosure.

CWE	CWE-22
Vendor	minigal
Product	minigal nano
Published	Feb 11, 2026
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for minigal minigal nano

Be the first to know when new unknown vulnerabilities affecting minigal minigal nano are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

MiniGal / MiniGal Nano

0 ≤ 0.3.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

web.archive.org: https://web.archive.org/web/20180330004313/http://www.minigal.dk/minigal-nano.html sourceforge.net: https://sourceforge.net/projects/minigalnano/ vulncheck.com: https://www.vulncheck.com/advisories/minigal-nano-path-traversal-via-dir-parameter

Credits

philopentest