Vulnerability Report: GO-2026-4321
- CVE-2025-68671, GHSA-f2ph-gc9m-q55f
- Affects: github.com/treeverse/lakefs
- Published: Jan 23, 2026
lakeFS is Missing Timestamp Validation in S3 Gateway Authentication in github.com/treeverse/lakefs
For detailed information about this vulnerability, visit https://github.com/treeverse/lakeFS/security/advisories/GHSA-f2ph-gc9m-q55f.
Affected Packages
-
PathVersionsSymbols
Aliases
References
- https://github.com/treeverse/lakeFS/security/advisories/GHSA-f2ph-gc9m-q55f
- https://github.com/treeverse/lakeFS/commit/92966ae611d7f1a2bbe7fd56f9568c975aab2bd8
- https://github.com/treeverse/lakeFS/issues/9599
- https://github.com/treeverse/lakeFS/pull/9710
- https://vuln.go.dev/ID/GO-2026-4321.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.