CVE-2026-15146: GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP U
GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an attacker to forge server-side requests (SSRF) from the machine running Wget, potentially accessing localhost services or internal network resources.
Details
Original advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-15146
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-15146 | coverage & exploitation status | NVD · CVE.org |
Recent advisories for GNU Wget does
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- mediumCVE-2026-58472: GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerabilit…nvd · 2026-07-07
- mediumCVE-2026-58471: GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerabilit…nvd · 2026-07-07
- mediumCVE-2026-58470: GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability i…nvd · 2026-07-07
- highCVE-2026-58469: GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerabili…nvd · 2026-07-07
More from NVD Recent CVEs
- unknownCVE-2026-57828: The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload t…2026-07-11
- unknownCVE-2026-57827: The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that al…2026-07-11
- highCVE-2026-1359: The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized m…2026-07-11
- highCVE-2026-9282: The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up…2026-07-11
- mediumCVE-2026-9017: The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to autho…2026-07-11