MEDIUM
runtipi
CVE published 2026-06-17
CVE-2026-47277
CVE-2026-47277 is a MEDIUM severity vulnerability in Runtipi, a personal homeserver orchestrator. Versions 4.9.1 through 4.9.3 are affected by an unauthenticated arbitrary file read issue. The vulnerability arises from Runtipi serving marketplace app logos from files inside cloned app-store repositories through a public endpoint. This allows attackers to exploit symlinks in the app store, potentially lead [truncated]