PT-2026-7618 · Unknown · Minigal Nano

Philopentest · Published 2026-02-11 · Updated 2026-02-11 · CVE-2026-25869

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

MiniGal Nano versions 0.3.5 and prior

Description

The application has a flaw where user-provided input, specifically through the dir parameter in 'index.php', can be manipulated to access files outside the intended directory. The application attempts to prevent this by removing 'dot-dot' sequences, but this protection can be bypassed with specific directory patterns. Successful exploitation allows an attacker to list and view image files from unexpected locations on the system that the web server can read, leading to information disclosure.

Recommendations

Versions prior to 0.3.5 should be updated.
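
One way to enforce the directory boundary for the dir parameter without relying on stripping 'dot-dot' sequences from the string is to resolve the path first and then check containment. This is an added example, not MiniGal Nano's code or the project's fix; resolve_gallery_dir() and the demo directory layout are hypothetical.

```php
<?php
// Added example: canonicalise-then-contain check for a gallery "dir" parameter.
// resolve_gallery_dir() is a hypothetical helper, not MiniGal Nano code.

/**
 * Resolve a user-supplied sub-directory against the gallery root.
 * Returns the canonical absolute path, or null if the request must be rejected.
 */
function resolve_gallery_dir(string $root, string $dir): ?string
{
    // Reject NUL bytes outright; they never belong in a path.
    if (strpos($dir, "\0") !== false) {
        return null;
    }

    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }

    // realpath() collapses ".", "..", duplicate slashes and symlinks, so the
    // decision is made on the path the filesystem will actually open,
    // not on the string the client sent.
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . $dir);
    if ($candidate === false || !is_dir($candidate)) {
        return null;
    }

    // Containment: the result must be the root itself or lie beneath it.
    // The trailing separator stops "/srv/photos-private" matching "/srv/photos".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($candidate !== $rootReal && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demo tree in a temp directory (sample data, not from the advisory).
$base = sys_get_temp_dir() . '/gallery_demo_' . getmypid();
mkdir("$base/photos/holiday", 0700, true);
mkdir("$base/private", 0700, true);

foreach (['holiday', '', './holiday/', '../private', 'missing'] as $dir) {
    $resolved = resolve_gallery_dir("$base/photos", $dir);
    printf("%-14s => %s\n", var_export($dir, true), $resolved === null ? 'REJECTED' : 'ok');
}
```

The first three inputs resolve inside the gallery root and are accepted; '../private' resolves to a sibling directory and 'missing' does not exist, so both are rejected.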

Fix

Path traversal


Weakness Enumeration

Related identifiers

CVE-2026-25869

Affected products

Minigal Nano