PT-2026-22033 · Vikunja · Vikunja

Architg1025 (+4)

Published: 2026-02-25 · Updated: 2026-03-25

CVE-2026-27819

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Vikunja versions prior to 2.0.0

Description: The restoreConfig function in Vikunja fails to properly validate file paths within ZIP archives used for restoration. A specially crafted ZIP file can bypass directory restrictions, potentially overwriting arbitrary files on the system. Additionally, a malformed archive can cause a runtime panic, leading to a crash after the database has been wiped. The application directly uses the Name attribute of zip.File structs in file opening operations without validation, allowing for path traversal. The restoration process assumes a specific directory structure within the ZIP archive and does not adequately validate the length of slices derived from the archive contents, resulting in a panic when attempting to access an invalid index.

Recommendations: Versions prior to 2.0.0 should be updated to version 2.0.0 or later.
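The description names two missing checks: archive entry names are used as file paths without validation (path traversal), and the expected folder layout is indexed without first checking how many path components an entry actually has (panic). The following is an added example, written for this page and not Vikunja's own code, showing how a restore routine can fail closed on both conditions before anything is written to disk or the database is touched. It is in Go because Vikunja is a Go application. The function names (safeEntryPath, splitLayout, validateArchive, buildArchive), the assumed top-level folders "files" and "database", and the destination path are illustrative assumptions; the archives are constructed in memory for the demonstration.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrUnsafeEntry marks an entry whose name would resolve outside the
// destination directory; ErrMalformedEntry marks one that does not match the
// layout the restore expects (the case that otherwise ends in a panic).
var (
	ErrUnsafeEntry    = errors.New("archive entry escapes destination directory")
	ErrMalformedEntry = errors.New("archive entry does not match expected layout")
)

// safeEntryPath resolves an archive entry name under dest and refuses any name
// that would land outside dest ("zip slip"): absolute names, names with ".."
// components and backslash separators are all rejected.
func safeEntryPath(dest, name string) (string, error) {
	if name == "" || strings.Contains(name, `\`) {
		return "", ErrUnsafeEntry
	}
	clean := filepath.Clean(name)
	sep := string(filepath.Separator)
	if filepath.IsAbs(clean) || clean == ".." || strings.HasPrefix(clean, ".."+sep) {
		return "", ErrUnsafeEntry
	}
	target := filepath.Join(dest, clean)
	// Defence in depth: confirm the joined path really sits below dest.
	rel, err := filepath.Rel(dest, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+sep) {
		return "", ErrUnsafeEntry
	}
	return target, nil
}

// splitLayout splits an entry name into its top-level folder and remainder.
// The layout (a top-level "files" or "database" folder, assumed for this
// example) is checked before anything is indexed, so a name without a slash
// yields an error instead of an index-out-of-range panic.
func splitLayout(name string) (folder, rest string, err error) {
	parts := strings.SplitN(name, "/", 2)
	if len(parts) != 2 || parts[1] == "" {
		return "", "", ErrMalformedEntry
	}
	switch parts[0] {
	case "files", "database":
		return parts[0], parts[1], nil
	}
	return "", "", ErrMalformedEntry
}

// validateArchive runs both checks over every entry of an in-memory ZIP and
// returns the resolved destination paths. It stops at the first bad entry,
// so nothing is written and no database is wiped for a bad archive.
func validateArchive(data []byte, dest string) ([]string, error) {
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil && !errors.Is(err, zip.ErrInsecurePath) {
		return nil, err
	}
	// Newer Go releases can flag insecure names themselves (zip.ErrInsecurePath
	// when GODEBUG=zipinsecurepath=0); treat that the same as our own check.
	if err != nil {
		return nil, fmt.Errorf("archive: %w", ErrUnsafeEntry)
	}
	var targets []string
	for _, f := range zr.File {
		if _, _, err := splitLayout(f.Name); err != nil {
			return nil, fmt.Errorf("%q: %w", f.Name, err)
		}
		target, err := safeEntryPath(dest, f.Name)
		if err != nil {
			return nil, fmt.Errorf("%q: %w", f.Name, err)
		}
		targets = append(targets, target)
	}
	return targets, nil
}

// buildArchive constructs a ZIP in memory with the given entry names (sample
// input for this example; names are written verbatim, so traversal sequences
// survive exactly as an attacker-supplied archive would carry them).
func buildArchive(names []string) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for _, n := range names {
		w, err := zw.Create(n)
		if err != nil {
			panic(err)
		}
		if _, err := w.Write([]byte("x")); err != nil {
			panic(err)
		}
	}
	if err := zw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

func main() {
	dest := "/var/lib/vikunja-restore" // example destination, not a real path
	good := buildArchive([]string{"files/1/notes.txt", "database/dump.sql"})
	targets, err := validateArchive(good, dest)
	fmt.Println(targets, err)
	for _, bad := range [][]string{
		{"files/../../etc/passwd"}, // would escape dest
		{"files"},                  // no slash: would panic on parts[1]
	} {
		_, err := validateArchive(buildArchive(bad), dest)
		fmt.Println(bad, "->", err)
	}
}
```

Validation is run over the whole archive first and extraction happens only if every entry passes; that ordering is what keeps a single bad entry from leaving the system half-restored, which is the failure mode the description highlights.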

Exploit

Fix

Path traversal


Weakness Enumeration

Related identifiers

CVE-2026-27819
GHSA-42WG-38GX-85RH
GO-2026-4556
SUSE-SU-2026:1042-1

Affected products

Vikunja