CVE-2026-35465: CWE-73: External Control of File Name or Path in freedomofpress securedrop-client
SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine (sd-app) by exploiting improper filename validation in gzip archive extraction, which permits absolute paths and enables overwriting critical files like the SQLite database. Exploitation requires prior compromise of the dedicated SecureDrop Server, which itself is hardened and only accessible via Tor hidden services. Despite the high attack complexity, the vulnerability is rated High severity due to its significant impact on confidentiality, integrity, and availability of decrypted source submissions. This issue is similar to CVE-2025-24888 but occurs through a different code path, and a more robust fix has been implemented in the replacement SecureDrop Inbox codebase. The issue has been fixed in version 0.17.5.
AI Analysis
Technical Summary
The vulnerability CVE-2026-35465 affects freedomofpress securedrop-client versions prior to 0.17.5. It arises from insufficient validation of filenames in gzip archives extracted by the client, permitting absolute path traversal. This flaw enables a compromised SecureDrop Server to overwrite critical files on the client's virtual machine, including the SQLite database, potentially leading to code execution. Exploitation requires the attacker to have already compromised the SecureDrop Server, which is designed to be hardened and accessible only through Tor hidden services. The issue is similar to CVE-2025-24888 but occurs via a different code path. The vulnerability has been addressed in version 0.17.5 with a more robust fix implemented in the new SecureDrop Inbox codebase.
Potential Impact
If exploited, this vulnerability allows an attacker who has compromised the SecureDrop Server to execute arbitrary code on the SecureDrop Client's virtual machine by overwriting critical files. This impacts the confidentiality, integrity, and availability of decrypted source submissions handled by the client. However, the attack complexity is high due to the prerequisite of server compromise and the server's hardened access controls via Tor.
Mitigation Recommendations
This vulnerability has been fixed in securedrop-client version 0.17.5. Users should upgrade to version 0.17.5 or later to remediate this issue. Since this is not a cloud service, remediation depends on applying the client update. There is no indication of known exploits in the wild at this time.
CVE-2026-35465: CWE-73: External Control of File Name or Path in freedomofpress securedrop-client
Description
SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine (sd-app) by exploiting improper filename validation in gzip archive extraction, which permits absolute paths and enables overwriting critical files like the SQLite database. Exploitation requires prior compromise of the dedicated SecureDrop Server, which itself is hardened and only accessible via Tor hidden services. Despite the high attack complexity, the vulnerability is rated High severity due to its significant impact on confidentiality, integrity, and availability of decrypted source submissions. This issue is similar to CVE-2025-24888 but occurs through a different code path, and a more robust fix has been implemented in the replacement SecureDrop Inbox codebase. The issue has been fixed in version 0.17.5.
CVSS v3.1
Score 7.5high
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-35465 affects freedomofpress securedrop-client versions prior to 0.17.5. It arises from insufficient validation of filenames in gzip archives extracted by the client, permitting absolute path traversal. This flaw enables a compromised SecureDrop Server to overwrite critical files on the client's virtual machine, including the SQLite database, potentially leading to code execution. Exploitation requires the attacker to have already compromised the SecureDrop Server, which is designed to be hardened and accessible only through Tor hidden services. The issue is similar to CVE-2025-24888 but occurs via a different code path. The vulnerability has been addressed in version 0.17.5 with a more robust fix implemented in the new SecureDrop Inbox codebase.
Potential Impact
If exploited, this vulnerability allows an attacker who has compromised the SecureDrop Server to execute arbitrary code on the SecureDrop Client's virtual machine by overwriting critical files. This impacts the confidentiality, integrity, and availability of decrypted source submissions handled by the client. However, the attack complexity is high due to the prerequisite of server compromise and the server's hardened access controls via Tor.
Mitigation Recommendations
This vulnerability has been fixed in securedrop-client version 0.17.5. Users should upgrade to version 0.17.5 or later to remediate this issue. Since this is not a cloud service, remediation depends on applying the client update. There is no indication of known exploits in the wild at this time.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-02T19:25:52.193Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e2d977bdfbbecc59bbf816
Added to database: 4/18/2026, 1:08:07 AM
Last enriched: 4/25/2026, 2:53:37 AM
Last updated: 6/1/2026, 11:50:02 AM
Views: 76
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.