Unknown · Home-Gallery.Org · CVE-2026-28679
**Name of the Vulnerable Software and Affected Versions**
Home-Gallery.org versions prior to 1.21.0
**Description**
The application does not verify if a requested file for download is within the expected media source directory. This can allow an attacker to download sensitive system files.
**Recommendations**
Update to version 1.21.0 or later.