CNNVD-202601-3931 Information

CNNVD ID

CNNVD-202601-3931

Related CVE

CVE-2026-24129

• CNNVD Published: 2026-01-22

Description (Chinese)

Runtipi — A personal homeserver for everyone是Runtipi开源的一个家庭服务器。 Runtipi 3.7.0及之前版本存在操作系统命令注入漏洞，该漏洞源于备份文件名清理不当，可能导致经过身份验证的用户在主机服务器上执行任意系统命令。

Description (English)

Runtipi — A personal homeserver for everyone is a home server from Runtipi. Runtipi 3.7.0 and previous versions had a bug in the operating system commands, which stemmed from the inappropriate clean-up of backup file names, which could result in any system order being performed on the host server by an identified user.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

Runtipi

Published

2026-01-22

Last Modified

2026-02-24

References

https://github.com/runtipi/runtipi/commit/c3aa948885554a370d374692158a3bfe1cfdc85a https://github.com/runtipi/runtipi/releases/tag/v4.7.0 https://github.com/runtipi/runtipi/security/advisories/GHSA-vrgf-rcj5-6gv9 https://access.redhat.com/security/cve/cve-2026-24129

Patch

https://runtipi.io/