Advisories for Cargo/Actix-Files package

2026

actix-files has a possible exposure of information vulnerability

When passing a non-existing folder to the actix_files::Files::new() method causes the actix server to expose unexpected files.

[actix-files] Panic triggered by empty Range header in GET request for static file

A GET request for a static file served by actix-files with an empty Range header triggers a panic. With panic = "abort", a remote user may crash the process on-demand.