CVE-2026-28679

Name of the Vulnerable Software and Affected Versions Home-Gallery.org versions prior to 1.21.0

Description The application does not verify if a requested file for download is within the expected media source directory. This can allow an attacker to download sensitive system files.

Recommendations Update to version 1.21.0 or later.