Description
aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,
Scores
CVSS v3
5.8
EPSS
0.0112
EPSS Percentile
78.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-23
Status
published
Products (1)
rjarry/aerc
< 93bec0de8ed5ab3d6b1f01026fe2ef20fa154329
Published
Jun 05, 2025
Tracked Since
Feb 18, 2026