Approved changes feed: RSS · Atom
cpe:2.3:a:gnu:wget2:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Gnu (575dd98a-a14a-5d9e-a2eb-97d38d86fcb9) |
|---|---|
| Product | Wget2 (6a194f14-cff5-548a-aef0-0655da397bdf) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/rockdaboot/wget2 |
purl2cpe | 2026-06-01 10:11:53.803870 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-1858 |
vulnerable | 2026-06-03 15:14:45.458303 |
wget2 Improper Certificate Validation
MEDIUM (4.8)
wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.
Published: 2026-04-29T20:15:50.866Z
Updated: 2026-04-30T15:22:05.205Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-69195 |
vulnerable | 2026-06-03 15:11:04.691359 |
Wget2: gnu wget2: memory corruption and crash via filename sanitization logic with attacker-controlled urls
HIGH (7.6)
A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted URL, which, upon user interaction with wget2, can lead to memory corruption. This can cause the application to crash and potentially allow for further malicious activities.
Published: 2026-01-09T07:57:17.240Z
Updated: 2026-02-26T15:04:52.822Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-69194 |
vulnerable | 2026-06-03 15:11:04.690862 |
Wget2: arbitrary file write via metalink path traversal in gnu wget2
HIGH (8.8)
A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially allow further compromise of the user’s environment.
Published: 2026-01-09T07:53:48.144Z
Updated: 2026-02-26T15:04:53.176Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.