VYPR
Vendor: Netfoundry

Products: 1
CVEs: 4
Across products: 4
Status: Private

Recent CVEs (4)

  • CVE-2026-42275 | High | May 8, 2026
    risk 0.50 | cvss 8.7 | epss 0.00

    zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend (davServer.Dir) restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared…

  • CVE-2026-40303 | High | Apr 17, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls make([]string, count) with no upper bound before any token validation occurs. The function is…

  • CVE-2026-40302 | Medium | Apr 17, 2026
    risk 0.33 | cvss 6.1 | epss 0.00

    zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template (which performs no HTML escaping) instead of html/template. The GitHub OAuth callback handlers in both publicProxy and…

  • CVE-2026-40304 | Medium | Apr 17, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler (controller/unaccess.go) contains a logical error in its ownership guard: when a frontend record has environment_id = NULL (the marker for admin-created global…