CVE-2026-30117

Name of the Vulnerable Software and Affected Versions scalar/astro version 0.1.13

Description An arbitrary file upload issue exists in the Scalar Proxy endpoint via the scalar url query parameter. This allows attackers to execute arbitrary code by uploading a specially crafted SVG file (Scalable Vector Graphics, an XML-based vector image format).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.