CVE-2026-28807
Received Received - Intake
Path Traversal in gleam-wisp wisp Allows Arbitrary File Read

Publication date: 2026-03-10

Last updated on: 2026-04-06

Assigner: EEF

Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.serve_static function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded sequence %2e%2e passes through string.replace unchanged, then uri.percent_decode converts it to .., which the OS resolves as directory traversal when the file is read. An unauthenticated attacker can read any file readable by the application process in a single HTTP request, including application source code, configuration files, secrets, and system files. This issue affects wisp: from 2.1.1 before 2.2.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-04-06
Generated
2026-05-07
AI Q&A
2026-03-11
EPSS Evaluated
2026-05-05
NVD
CVE-2026-28807
EUVD
EUVD-2026-10906
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gleam wisp From 2.1.1 (inc) to 2.2.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Path Traversal issue in the gleam-wisp wisp software. It occurs because the function responsible for serving static files sanitizes the file path before decoding percent-encoded characters. Specifically, the encoded sequence %2e%2e (which represents "..") bypasses the sanitization step and is later decoded to "..", allowing an attacker to traverse directories on the server.

As a result, an unauthenticated attacker can craft a single HTTP request that reads arbitrary files accessible by the application process, including sensitive files such as source code, configuration files, secrets, and system files.


How can this vulnerability impact me? :

This vulnerability can have serious impacts because it allows an attacker to read any file that the application process has permission to access without authentication.

  • Exposure of application source code, which could reveal business logic or other sensitive implementation details.
  • Disclosure of configuration files that may contain sensitive settings or credentials.
  • Access to secret files or system files, potentially leading to further exploitation or system compromise.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart