vulnerability

Alpine Linux: CVE-2025-69226: Path Traversal

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Jan 5, 2026	Jan 13, 2026	Jan 13, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Jan 5, 2026

Added

Jan 13, 2026

Modified

Jan 13, 2026

Description

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses web.static() (not recommended for production deployments), it may be possible for an attacker to ascertain the existence of path components. This issue is fixed in version 3.13.3.

Solution

alpine-linux-upgrade-py3-aiohttp

References

CVE-2025-69226
https://attackerkb.com/topics/CVE-2025-69226
URL-https://security.alpinelinux.org/vuln/CVE-2025-69226
CWE-22
CWE-200

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today