CVE-2026-33242
Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
5th
Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths (e.g., protected endpoints or administrative dashboards). This issue stems from the encode_url_path function, which fails to normalize "../" sequences and inadvertently forwards them verbatim to the upstream server by not re-encoding the "." character. Version 0.89.3 contains a patch.
| CWE | CWE-22 |
| Vendor | salvo-rs |
| Product | salvo |
| Published | Mar 23, 2026 |
| Last Updated | Mar 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for salvo-rs salvo
Be the first to know when new high vulnerabilities affecting salvo-rs salvo are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
salvo-rs / salvo
>= 0.39.0, < 0.89.3
References
github.com: https://github.com/salvo-rs/salvo/security/advisories/GHSA-f842-phm9-p4v4 github.com: https://github.com/salvo-rs/salvo/commit/7bac30e6960355c58e358e402072d4a3e5c4e1bb#diff-e319bf7afcb577f7e9f4fb767005072f6335d23f306dd52e8c94f3d222610d02R20 github.com: https://github.com/salvo-rs/salvo/releases/tag/v0.89.3