Path Traversal in Openziti Zrok
CVE-2026-45568
zrok is software for sharing web services, files, and network resources. Prior to 2.0.3, zrok's Python SDK ProxyShare Flask proxy route accepts an absolute URL in the request path and passes it to urllib.parse.urljoin, allowing the request…
Vulnerability class: Path Traversal (Directory Traversal)
Affected products
- Openziti Zrok — versions >= 0.4.47, < 2.0.3
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)