VYPR
Vendor: Openziti

Products: 2
CVEs: 5
Across products: 5
Status: Private

Recent CVEs (5)

  • CVE-2026-45568 | Critical | May 19, 2026
    risk 0.52 | cvss | epss 0.00

    Summary: Alice exposes a Python SDK `ProxyShare` with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to `urllib.parse.urljoin`, which replaces Alice's configured target host with Bob's host and returns…

  • CVE-2026-42275 | High | May 8, 2026
    risk 0.50 | cvss 8.7 | epss 0.00

    zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend (davServer.Dir) restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared…

  • CVE-2026-45576 | High | May 19, 2026
    risk 0.38 | cvss | epss 0.00

    Summary: Alice runs `zrok2 copy` from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV `href` such as `/../outside.txt`. The sync pipeline stores that path in the source inventory and passes it to `FilesystemTarget.WriteStream`, which…

  • CVE-2025-27501 | Mar 3, 2025
    risk 0.00 | cvss | epss 0.00

    OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint on the admin panel can be accessed without any form of authentication. This endpoint accepts a user-supplied URL parameter to connect to an OpenZiti Controller and performs…

  • CVE-2025-27500 | Mar 3, 2025
    risk 0.00 | cvss | epss 0.00

    OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint (/api/upload) on the admin panel can be accessed without any form of authentication. This endpoint accepts an HTTP POST to upload a file which is then stored on the node and…