
4 matches found

OSV
added 2026/02/26 1:49 a.m., 2 views

CVE-2026-27965 Vitess users with backup storage access can gain unauthorized access to production deployment environments

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

8.4 CVSS | 6.2 AI score | 0.00079 EPSS
Exploits 0 | References 6
Github Security Blog
added 2024/12/03 6:43 p.m., 20 views

Vitess allows HTML injection in /debug/querylogz & /debug/env

Summary: The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. Details: These pages are rendered using text/template instead of rendering with a proper HTML...

4.9 CVSS | 6.5 AI score | 0.00057 EPSS
Exploits 0 | References 4 | Affected Software 1
OSV
added 2024/12/03 6:43 p.m., 10 views

GHSA-7MWH-Q3XM-QH6P Vitess allows HTML injection in /debug/querylogz & /debug/env

Summary: The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. Details: These pages are rendered using text/template instead of rendering with a proper HTML...

6.9 CVSS | 4.8 AI score | 0.00057 EPSS
Exploits 0 | References 4
CNNVD
added 2024/12/03 12:0 a.m., 1 views

Vitess security vulnerability

Vitess is a database clustering system for horizontally scaling MySQL, from the open source Vitess project. A security vulnerability exists in Vitess that stems from the /debug/querylogz and /debug/env pages of vtgate and vttablet not properly escaping user input...

4.9 CVSS | 6.2 AI score | 0.00057 EPSS
Exploits 0 | References 2