Vulnerabilities in openziti
6 results

CVE-2026-40303 | HIGH | zrok allows unauthenticated DoS via unbounded memory allocation in striped session cookie parsing | EPSS 0.5%
CVE-2025-27501 | HIGH | Server Side Request Forgery in Ziti Console | EPSS 0.4%
CVE-2026-42275 | HIGH | zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write | EPSS 0.3%
CVE-2026-40304 | MEDIUM | zrok's broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records | EPSS 0.3%
CVE-2025-27500 | HIGH | Cross Site Scripting potential in Ziti Console | EPSS 0.3%
CVE-2026-40302 | MEDIUM | zrok has reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering | EPSS 0.2%