PT-2026-22744 · Unknown · Openviking
Ernkastel
·
Published
2026-03-03
·
Updated
2026-03-03
·
CVE-2026-28518
CVSS v4.0
8.4
High
| Vector | AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
OpenViking versions prior to 0.2.1
Description
The software contains a path traversal issue in the handling of .ovpack imports. This allows attackers to write files outside the intended import directory. Attackers can create malicious ZIP archives with traversal sequences, absolute paths, or drive prefixes in member names to overwrite or create arbitrary files with the importing process privileges.
Recommendations
Update to version 0.2.1 or later.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openviking