CVE-2026-3013

Coppermine Photo Gallery 1.6.09-1.6.27 - Path Traversal

Title source: llm

Description

Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow to read content of any file accessible by the the web server process.This issue was fixed in version 1.6.28.

References (2)

[Various Sources] https://cert.pl/en/posts/2026/03/CVE-2026-3013

[Release Notes] https://github.com/coppermine-gallery/cpg1.6.x/releases/tag/v1.6.28

Scores

EPSS 0.0037

EPSS Percentile 58.6%

Details

CWE

CWE-22

Status published

Published Mar 11, 2026

Tracked Since Mar 11, 2026