Security Release v0.2.15
Critical Security Update
All Erugo instances running version 0.2.14 or earlier should update immediately.
Summary
A critical remote code execution (RCE) vulnerability has been discovered and patched in this release. An authenticated low-privileged user could upload arbitrary files to any location on the server by exploiting insufficient path validation during share creation.
Affected Versions
All versions up to and including 0.2.14 are affected.
What You Should Do
- Update immediately to version 0.2.15 or later
- Review your server for any suspicious files in the public web directory
- Check access logs for unusual activity
More Information
For full technical details, see the security advisory on GitHub .
CVE-2026-24897