HIGH🇵🇱 Wersja polska

CVE-2026-25116

CVSS 7.6v3.1pub. 2026-01-29upd. 2026-02-26

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the `UserConfigController` allows any remote user to overwrite the system's `docker-compose.yml` configuration file. By exploiting insecure URN parsing, an attacker can replace the primary stack configuration with a malicious one, resulting in full Remote Code Execution (RCE) and host filesystem compromise the next time the instance is restarted by the operator. Version 4.7.2 fixes the vulnerability.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
  • Runtipi

    APP
    Runtipi
    4.5.0 – 4.7.2 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEPath TraversalContainer
CWE
References

Related vulnerabilities

CVE-2026-32729HIGH8.1ten sam produkt

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does...

CVE-2026-31881HIGH7.7ten sam produkt

Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the opera...

CVE-2026-24129HIGH8.0ten sam produkt

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single ser...