github.com/labstack/echo/v5 (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/labstack/echo/v5, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (1)
CVE-2026-25766 — CVSS 5.3 (medium): Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s `middleware.Static` using the default filesystem allows…