Lucene search
+L

4 matches found

CVE
CVE
added 2 days ago14 views

CVE-2026-45576

Summary: CVE-2026-45576 affects the zrok tool. From versions 0.4.23 through 2.0.3, the zrok2 copy command stores attacker-controlled WebDAV or zrok drive paths (e.g., /../outside.txt) in the source inventory and passes them to FilesystemTarget.WriteStream, enabling writing files outside the selec...

8.3CVSS6.1AI score0.00359EPSS
Exploits0References3
OSV
OSV
added 2 days ago4 views

CVE-2026-45576 zrok copy writes attacker-controlled WebDAV paths outside the destination root

zrok is software for sharing web services, files, and network resources. From 0.4.23 until 2.0.3, zrok2 copy stores attacker-controlled WebDAV or zrok drive paths such as /../outside.txt in the source inventory and passes them to FilesystemTarget.WriteStream, allowing the sync pipeline to write...

8.3CVSS6.1AI score0.00359EPSS
Exploits0References5
OSV
OSV
added 2026/05/19 3:38 p.m.11 views

GHSA-C656-JCX2-7PQJ zrok copy writes attacker-controlled WebDAV paths outside the destination root

Summary Alice runs zrok2 copy from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV href such as /../outside.txt. The sync pipeline stores that path in the source inventory and passes it to FilesystemTarget.WriteStream, which joins it with the target root...

8.3CVSS5.8AI score0.00359EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/19 3:38 p.m.13 views

zrok copy writes attacker-controlled WebDAV paths outside the destination root

Summary Alice runs zrok2 copy from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV href such as /../outside.txt. The sync pipeline stores that path in the source inventory and passes it to FilesystemTarget.WriteStream, which joins it with the target root...

8.3CVSS5.8AI score0.00359EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder