Path Traversal in Openziti Zrok

CVE-2026-45568

zrok is software for sharing web services, files, and network resources. Prior to 2.0.3, zrok's Python SDK ProxyShare Flask proxy route accepts an absolute URL in the request path and passes it to urllib.parse.urljoin, allowing the request…

Vulnerability class: Path Traversal (Directory Traversal)

Affected products

Weakness classification (CWE)

References