PT-2026-3091 · Docmost · Docmost
Ramadhanamizudin
Published: 2026-01-15 · Updated: 2026-01-15
CVE-2026-22249
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Docmost versions 0.21.0 through 0.23.999
Description
Docmost, an open-source collaborative wiki and documentation software, has a flaw where improper filename validation in the Zip Import Feature (ZipSlip) allows arbitrary file writes. This occurs in apps/server/src/integrations/import/utils/file.utils.ts due to the lack of filename validation.
Recommendations
Update to version 0.24.0 or later.
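An added example, not Docmost's code or its 0.24.0 fix: one way an import routine can validate archive entry names before writing anything to disk, sketched in TypeScript. The function names, the destination directory and the sample entry names are assumptions constructed for illustration.

```typescript
import * as path from "node:path";

// Added illustration; not taken from Docmost. All names here are hypothetical.

// Returns the absolute path an entry may be written to, or null when the
// entry name would resolve outside destRoot.
function resolveEntry(destRoot: string, entryName: string): string | null {
  // Empty names and NUL bytes are never valid file names.
  if (entryName.length === 0 || entryName.includes("\0")) return null;

  // Zip names use "/", but crafted archives may carry "\"; treat both as separators.
  const name = entryName.replace(/\\/g, "/");

  // Absolute names and Windows drive-letter names ignore the destination root.
  if (name.startsWith("/") || /^[A-Za-z]:/.test(name)) return null;

  const root = path.resolve(destRoot);
  const target = path.resolve(root, name);

  // Compare against root + separator so that a sibling such as
  // "/srv/import-tmp-other" is not mistaken for a child of "/srv/import-tmp".
  const prefix = root.endsWith(path.sep) ? root : root + path.sep;
  return target.startsWith(prefix) ? target : null;
}

// Splits entry names into paths that are safe to write and names to reject.
// Name checks do not cover symlink entries; those need separate handling.
function planExtraction(destRoot: string, entryNames: string[]) {
  const accepted: string[] = [];
  const rejected: string[] = [];
  for (const entryName of entryNames) {
    const target = resolveEntry(destRoot, entryName);
    if (target === null) rejected.push(entryName);
    else accepted.push(target);
  }
  return { accepted, rejected };
}

// Constructed sample entry names, not from a real archive.
const SAMPLE_ENTRIES = [
  "space/page-one.md",
  "space/assets/./diagram.png",
  "../outside.md",
  "space/../../import-tmp-other/outside.md",
  "..\\outside.md",
  "/outside.md",
];
console.log(planExtraction("/srv/import-tmp", SAMPLE_ENTRIES));
```

Rejecting the whole archive when `rejected` is non-empty is the stricter policy; skipping only the rejected entries still leaves a partially imported archive.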
Exploit
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Docmost