Skip to content

CVE lookup

CVE-2026-59092

Pruva has a verified reproduction for CVE-2026-59092: JuiceFS through 1.3.1 exposes debug/metrics endpoints via shared http.DefaultServeMux, enabling authentication bypass and leakage of sensitive metadata connection strings, with potential DoS via profiling handlers.. The canonical evidence record is REPRO-2026-00220.

REPRO

REPRO-2026-00220

Package

JuiceFS (juicedata/juicefs) · go

Severity

HIGH

Status

published