Unrated severityOSV Advisory· Published Jan 29, 2026· Updated Feb 2, 2026
Runtipi vulnerable to unauthenticated docker-compose.yml Overwrite via Path Traversal
CVE-2026-25116
Description
Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN parsing, an attacker can replace the primary stack configuration with a malicious one, resulting in full Remote Code Execution (RCE) and host filesystem compromise the next time the instance is restarted by the operator. Version 4.7.2 fixes the vulnerability.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- github.com/runtipi/runtipi/releases/tag/v4.7.2mitrex_refsource_MISC
- github.com/runtipi/runtipi/security/advisories/GHSA-mwg8-x997-cqw6mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.