pkg:Go/github.com/openziti/zrok/v2

All known vulnerabilities

• HIGH8.7CVE-2026-42275zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write
  from 0, < 2.0.2
• HIGH7.5CVE-2026-40303zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing
  from 0, < 2.0.1
• MEDIUM6.1CVE-2026-40302zrok: Reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering
  from 0, < 2.0.1
• MEDIUM5.3zrok: Broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records
  from 0, < 2.0.1
• —zrok copy writes attacker-controlled WebDAV paths outside the destination root
  from 0, < 2.0.3