CVE-2026-25154

Name of the Vulnerable Software and Affected Versions LocalSend versions up to and including 1.17.0

Description LocalSend is an application enabling file and message sharing with nearby devices on a local network, without internet access. When a user initiates a "Share via Link" session, the application starts a local HTTP server to host the selected files. The client-side logic for this web interface resides in app/assets/web/main.js. The handleFilesDisplay function constructs the HTML for the file list by iterating over the files received from the server.

Recommendations Update LocalSend to a version later than 1.17.0.