Browse all 5 CVE security advisories affecting treeverse. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Treeverse is a decentralized metaverse platform enabling virtual world creation and interaction. Historically, it has been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and access control flaws. The platform's complex architecture and integration of third-party services have introduced additional security risks. While no major public security incidents have been widely reported, the presence of five CVEs indicates ongoing security challenges. Treeverse's open nature and user-generated content increase exposure to exploitation, necessitating robust security measures to protect user data and maintain platform integrity.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-26187 | lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access — lakeFSCWE-22 | 8.1 | High | 2026-02-13 |
| CVE-2025-68671 | lakeFS is Missing Timestamp Validation in S3 Gateway Authentication — lakeFSCWE-294 | 6.5 | Medium | 2026-01-15 |
| CVE-2025-64179 | lakeFS: Unauthenticated access to API usage metrics — lakeFSCWE-862 | 5.3 | Medium | 2025-11-06 |
| CVE-2025-27100 | An authenticated user can crash lakeFS by exhausting server memory — lakeFSCWE-400 | 6.5 | Medium | 2025-02-21 |
| CVE-2024-43784 | Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to it's deletion — lakeFSCWE-281 | 5.7 | Medium | 2024-11-26 |
This page lists every published CVE security advisory associated with treeverse. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.