Path Traversal in Ctfer-io Monitoring
CVE-2026-32771
The CTFer.io Monitoring component is in charge of the collection, processing and storage of various signals (i.e. logs, metrics and distributed traces). In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go (l…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.000 (13.1th percentile)
Affected products
- Ctfer-io Monitoring — versions < 0.2.2
Weakness classification (CWE)
References
- https://github.com/ctfer-io/monitoring/security/advisories/GHSA-f7cq-gvh6-qr25 (x_refsource_CONFIRM)
- https://github.com/ctfer-io/monitoring/commit/269dba165aa42210352628c0db6756f3b8fd3c8a (x_refsource_MISC)
- https://security.snyk.io/research/zip-slip-vulnerability#expandable-socPI9fFAJ-title (x_refsource_MISC)