2 matches found
CVE-2026-53535
Activepieces prior to 0.82.0 is affected by an arbitrary file write in the git-sync workflow. The issue occurs because git-sync clones a configured repository into a temporary server directory with Git’s symbolic-link handling enabled, allowing symlinks to redirect writes. Additionally, on-disk i...
CVE-2026-53535 Activepieces: Arbitrary file write in git-sync via path traversal and symlinks
Activepieces is an open source AI workflow automation platform. Prior to 0.82.0, the git-sync feature clones a user-configured Git repository into a temporary directory on the server and then writes flow, table, and connection state into it before pushing back, and two separate weaknesses allowed...