top of page
perceptive_background_267k.jpg

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate veriā€¦

Published:

3 February 2026 at 23:00:00

Alert date:

4 February 2026 at 21:03:00

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Database & Storage

Alist file list program versions prior to 3.57.0 disable TLS certificate verification by default for outgoing storage driver communications. This vulnerability makes the system susceptible to Man-in-the-Middle attacks, allowing complete decryption, theft, and manipulation of data during storage operations. The issue severely compromises confidentiality and integrity of user data transmitted through storage operations. The vulnerability has been patched in version 3.57.0.

Technical details

Mitigation steps:

Affected products:

Alist

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-25160
https://github.com/AlistGo/alist/commit/69629ca76a8f2c8c973ede3b616f93aa26ff23fb
https://github.com/AlistGo/alist/security/advisories/GHSA-8jmm-3xwx-w974

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page