HIGH
openziti
CVE published 2026-07-16
CVE-2026-45576
A high-severity vulnerability was discovered in zrok software, affecting versions from 0.4.23 to 2.0.3. The issue allows attackers to write files outside the selected local filesystem destination root via path traversal. This vulnerability exists in the `zrok2 copy` command, which stores attacker-controlled WebDAV or zrok drive paths and passes them to FilesystemTarget.WriteStream. This allows the sync pi [truncated]