CVE-2026-26058
Zulip: Path Traversal in Import
Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path traversal in uploads/records.json. A crafted export tarball causes the server to copy any file the zulip user can read into the uploads directory during import. This issue has been patched in version 11.6.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Productos afectados
zulip · zulip¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →