PT-2026-5367 · Runtipi · Runtipi
Kkc73 · Published 2026-01-29 · Updated 2026-02-26
CVE-2026-25116
CVSS v3.1: 8.8 (High) · Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Runtipi versions 4.5.0 through 4.7.1
Description
Runtipi is a personal homeserver orchestrator. An unauthenticated Path Traversal issue exists in the UserConfigController. Because the controller parses a URN from the request insecurely, a remote user can overwrite the system's docker-compose.yml configuration file. An attacker can replace the primary stack configuration with a malicious one, leading to full Remote Code Execution (RCE) and host filesystem compromise when the operator restarts the instance. The vulnerable component is the UserConfigController. The vulnerable file is docker-compose.yml.
Recommendations
Versions prior to 4.7.2 are affected.
Update to version 4.7.2 or later.
Tags: Exploit · Fix · RCE · Missing Authentication · Path traversal
Related Identifiers
Affected Products: Runtipi