CNNVD-202601-4849 Information

CNNVD ID

CNNVD-202601-4849

CVE-2026-25116

  • CNNVD Published: 2026-01-29

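Description (translated from Chinese)

Runtipi is an open-source home server orchestrator from Runtipi. Versions of Runtipi before 4.7.2 contain an access control error vulnerability. It stems from an unauthenticated path traversal that may allow the docker-compose.yml configuration file to be overwritten, resulting in remote code execution and disclosure of the host file system.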

Description (English)

Runtipi is an open-source home server orchestrator. Runtipi versions before 4.7.2 have an access control error vulnerability caused by an unauthenticated path traversal, which could lead to overwriting of the docker-compose.yml configuration file, remote code execution, and exposure of the host file system.

Hazard Level

High

Vulnerability Type

Access control error

Affected Vendor

Runtipi

Published

2026-01-29

Last Modified

2026-02-24

References

  • https://github.com/runtipi/runtipi/releases/tag/v4.7.2
  • https://github.com/runtipi/runtipi/security/advisories/GHSA-mwg8-x997-cqw6
  • https://access.redhat.com/security/cve/cve-2026-25116

Patch

https://github.com/runtipi/runtipi/releases
