Threats Tagged 'cve-2026-27969'
View all threats tagged with 'cve-2026-27969'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-27969'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-27969: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in vitessio vitessCVE-2026-27969 0 Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest — which may be files that they have also added to the manifest and backup contents — are written to any accessible location on restore. This is a common path traversal security issue. This can be used to provide that attacker with unintended/unauthorized access to the production deployment environment — allowing them to access information available in that environment as well as run any additional arbitrary commands there. Versions 23.0.3 and 22.0.4 contain a patch. No known workarounds are available. Join the discussion | CVE Database V5 | 02/26/2026, 01:52:30 UTC Added: 02/26/2026, 02:11:36 UTC |
Showing 1 to 1 of 1 result