PT-2026-22109 · Vitess · Vitess

Neurowinter · Published 2026-02-26 · Updated 2026-03-25
CVE-2026-27969
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:L/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: Vitess versions prior to 23.0.3 and versions prior to 22.0.4

Description: Vitess, a database clustering system for horizontal scaling of MySQL, contains a path traversal issue in the builtinbackupengine component during the backup restoration process. An attacker with read/write access to the backup storage location (such as an S3 bucket) can manipulate backup manifest files. This manipulation allows them to write files to arbitrary locations during a restore operation, potentially gaining unintended or unauthorized access to the production deployment environment. This access could allow the attacker to access sensitive information and execute arbitrary commands. The vulnerability arises from improper validation of file paths within the backup manifest.

Recommendations: Versions prior to 23.0.3 should be updated to version 23.0.3 or later. Versions prior to 22.0.4 should be updated to version 22.0.4 or later.
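The defensive check the description points at, written here as an added illustration (not Vitess's own code, and not its manifest format): every file name read from an attacker-writable manifest is resolved against the restore directory and rejected if it would land outside it, before anything is written. The ManifestEntry type, SafeRestorePath and ValidateManifest are assumptions made for this example; the sample entries are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrPathEscapes is returned when a manifest entry would resolve outside the restore directory.
var ErrPathEscapes = errors.New("manifest entry escapes restore directory")

// ManifestEntry is a constructed stand-in for one file record in a backup manifest:
// the only field this check needs is the file name relative to the backup root.
type ManifestEntry struct {
	Name string
}

// SafeRestorePath resolves a manifest-supplied name against restoreDir and returns
// the absolute target path, or an error if the name is absolute, empty, names the
// directory itself, or climbs out of restoreDir via ".." components.
func SafeRestorePath(restoreDir, name string) (string, error) {
	if name == "" {
		return "", errors.New("empty manifest entry name")
	}
	if filepath.IsAbs(name) {
		return "", fmt.Errorf("%w: absolute path %q", ErrPathEscapes, name)
	}
	base, err := filepath.Abs(restoreDir)
	if err != nil {
		return "", err
	}
	// Join cleans the result, so "sub/../x" becomes "x"; cleaning alone does not stop
	// "../x" from leaving base, which is why the Rel check below is the real guard.
	target := filepath.Join(base, name)
	rel, err := filepath.Rel(base, target)
	if err != nil {
		return "", err
	}
	if rel == "." {
		return "", fmt.Errorf("%w: %q names the restore directory itself", ErrPathEscapes, name)
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrPathEscapes, name)
	}
	return target, nil
}

// ValidateManifest checks every entry before any file is written, so one hostile
// entry aborts the whole restore rather than leaving a partially written tree.
func ValidateManifest(restoreDir string, entries []ManifestEntry) ([]string, error) {
	targets := make([]string, 0, len(entries))
	for _, e := range entries {
		p, err := SafeRestorePath(restoreDir, e.Name)
		if err != nil {
			return nil, fmt.Errorf("entry %q: %w", e.Name, err)
		}
		targets = append(targets, p)
	}
	return targets, nil
}

func main() {
	// Constructed manifest: two ordinary entries and one that tries to climb out.
	entries := []ManifestEntry{{"ibdata1"}, {"mysql/user.MYD"}, {"../../outside.txt"}}
	if _, err := ValidateManifest("/var/lib/mysql/restore", entries); err != nil {
		fmt.Println("restore aborted:", err)
	}
}
```

The containment test is done with filepath.Rel rather than a string-prefix comparison on the joined path, because a prefix check alone would accept "/restoreX/..." as being inside "/restore".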

Tags: Exploit · Fix · RCE · Path traversal

Weakness Enumeration

Related Identifiers

AZL-78359
AZL-78516
CVE-2026-27969
GHSA-R492-HJGH-C9GW
GO-2026-4570
SUSE-SU-2026:1042-1

Affected Products

Vitess