Openziti Zrok
4 CVEs affecting Openziti Zrok. Latest disclosed: 2026-05-08. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-42275 | High | 8.7 | 2026-05-08 | zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend (davServer.Dir) restricts path t… |
CVE-2026-40303 | High | 7.5 | 2026-04-17 | zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, endpoints.GetSessionCookie parses an attacker-supplied cookie… |
CVE-2026-40302 | Medium | 6.1 | 2026-04-17 | zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template (which per… |
CVE-2026-40304 | Medium | 5.3 | 2026-04-17 | zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler (controller/unaccess.go) contains a logic… |