JuiceFS – Authentication Bypass via pprof and metrics Endpoints (CVE-2026-59092)
JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiting improper handler registration on the shared http.DefaultServeMux.
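The general Go pattern behind this class of bug, as an added example that is not JuiceFS code or its fix: a listener that serves `http.DefaultServeMux` exposes every handler registered there, including the ones the `net/http/pprof` import adds, even when the application route has an auth wrapper. The `/data/` route, the token, and the helper names `requireToken`, `ok`, `hardenedHandler` and `status` are assumptions made for illustration.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/pprof" // side effect: init() registers /debug/pprof/* on http.DefaultServeMux
)

// requireToken is a hypothetical bearer-token check; the token is a constructed value.
func requireToken(next http.Handler) http.Handler {
	want := []byte("Bearer constructed-demo-token")
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if subtle.ConstantTimeCompare([]byte(r.Header.Get("Authorization")), want) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func ok(w http.ResponseWriter, _ *http.Request) { fmt.Fprintln(w, "ok") } // stand-in handler

// Weak: auth wraps one route, but serving the global mux also exposes pprof and /metrics.
func init() {
	http.Handle("/data/", requireToken(http.HandlerFunc(ok)))
	http.HandleFunc("/metrics", ok)
}

// Hardened: a private mux with auth wrapping every route, including the debug ones.
func hardenedHandler() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/data/", ok)
	mux.HandleFunc("/metrics", ok)
	mux.HandleFunc("/debug/pprof/", pprof.Index)
	return requireToken(mux)
}

func status(h http.Handler, path, auth string) int {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	req.Header.Set("Authorization", auth)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status(http.DefaultServeMux, "/debug/pprof/", ""), status(hardenedHandler(), "/debug/pprof/", ""))
}
```

A quick audit for the same weakness in other Go services is to look for listeners started with a `nil` handler or `http.DefaultServeMux` in binaries that also import `net/http/pprof`.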