CVE-2026-25964

Name of the Vulnerable Software and Affected Versions Tandoor Recipes versions prior to 2.5.1

Description Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A path traversal flaw exists in the RecipeImport workflow. This issue is due to inadequate input validation of the file path parameter and insufficient checks within the Local storage backend. This allows authenticated users with import permissions to read arbitrary files on the server, potentially including sensitive system files like /etc/passwd or application configuration files such as settings.py, which could lead to a full system compromise.

Recommendations Update Tandoor Recipes to version 2.5.1.