Description

Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image (except for image/svg+xml, see CVE-2022-30110, CVE-2024-12326 and CVE-2025-7066), video and audio. However, it was possible to bypass this check by sending a manipulated HTTP request with an invalid MIME type like image. When doing the preview, the browser tries to automatically detect the MIME type resulting in detecting SVG and possibly executing JavaScript code. To prevent this, MIME sniffing is disabled by sending the HTTP header X-Content-Type-Options: nosniff.

INFO

Published Date :

2026-01-28T06:33:15.181Z

Last Modified :

2026-01-28T20:48:25.368Z

Source :

GitLab
AFFECTED PRODUCTS

The following products are affected by CVE-2026-1466 vulnerability.

Vendors Products
Jirafeau
  • Jirafeau
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-1466.

URL Resource
https://gitlab.com/jirafeau/Jirafeau/-/commit/747afb20bfcff14bb67e40e7035d47a6311ba3e1 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-30110 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-12326 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-7066 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact