Go/github.com/openziti/zrok — 5 CVEs · VulnScope
pkg:Go/github.com/openziti/zrok
5 total CVEs · HIGH 2 · MEDIUM 2
All known vulnerabilities
HIGH 8.7 · CVE-2026-42275 · zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write · from 0, <= 1.1.11
HIGH 7.5 · CVE-2026-40303 · zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing · from 0, <= 1.1.11
MEDIUM 6.1 · CVE-2026-40302 · zrok: Reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering · from 0, <= 1.1.11
MEDIUM 5.3 · zrok: Broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records · from 0, <= 1.1.11
— · zrok copy writes attacker-controlled WebDAV paths outside the destination root · >= 0.4.23, <= 1.1.11
CVE-2026-40304
CVE-2026-45576