SUSE CVE-2026-27965

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

EUVD-2026-8818

Vitess users with backup storage access can gain unauthorized access to production deployment environments...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via manipulation of backup manifest files. An attacker can execute arbitrary commands in the production deployment environment by restoring a crafted backup. Workaround This vulnerability can be mitigated by specifying...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via manipulation of backup manifest files. An attacker can execute arbitrary commands in the production deployment environment by restoring a crafted backup. Workaround This vulnerability can be mitigated by specifying...

CVE-2026-27965

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

PT-2026-22106

Name of the Vulnerable Software and Affected Versions Vitess versions prior to 23.0.3 Vitess versions prior to 22.0.4 Description Vitess is a database clustering system for horizontal scaling of MySQL. A flaw exists where someone with read/write access to the backup storage location can manipulat...