Echo
This hub aggregates every CVE we track for Echo, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
8
CVEs tracked
1
Critical
3
High
0
In CISA KEV
Severity distribution
MEDIUM4HIGH3CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
1
0
0
0
1
0
2024-082026-07
Latest CVEs
The 8 most recently published vulnerabilities affecting Echo.
- CVE-2026-55677Echo: Encoded slash (%2F) bypasses route-level protection and exposes static files7.5
- CVE-2026-25766Echo has a Windows path traversal via backslash in middleware.Static default filesystem5.3
- CVE-2025-53432WordPress Echo theme <= 1.15.0 - Local File Inclusion vulnerability8.1
- CVE-2025-51741An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an unauthenticated attacker to cause the server to send email verification messages to arbitrary users via ...7.5
- CVE-2020-36565Directory traversal on Windows in github.com/labstack/echo/v45.3
- CVE-2022-40083Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forge...9.6
- CVE-2015-8007The Echo extension for MediWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as dem...4.0
- CVE-2009-5135The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity ...5.0
Product normalization is registry-driven with AI assist and human review. How it works