Path Traversal in Openziti Zrok
CVE-2026-45576
zrok is software for sharing web services, files, and network resources. From 0.4.23 until 2.0.3, `zrok2 copy` stores attacker-controlled WebDAV or zrok drive paths such as /../outside.txt in the source inventory and passes them to Filesys…
Vulnerability class: Path Traversal (Directory Traversal)
Affected products
- Openziti Zrok — versions >= 0.4.23, < 2.0.3
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)