PatchSiren

openziti CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH openziti CVE published 2026-07-16

CVE-2026-45576

A high-severity vulnerability was discovered in zrok software, affecting versions from 0.4.23 to 2.0.3. The issue allows attackers to write files outside the selected local filesystem destination root via path traversal. This vulnerability exists in the `zrok2 copy` command, which stores attacker-controlled WebDAV or zrok drive paths and passes them to FilesystemTarget.WriteStream. This allows the sync pi [truncated]