GHSA-mfqh-v96x-m264
Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:X/RE:L/U:Clear
Replication is network-based (AV:N) but requires controlling a trusted master node (AC:H, PR:L); successful traversal writes outside the app boundary (S:C), impacting host confidentiality and integrity.
Primary rating from Vendor (CNA).
CVSS VectorVendor
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:X/RE:L/U:Clear
Lifecycle Timeline
2Description PRE-NVD
AnalysisAI
Replication Fullsync in Apache Kvrocks fails to validate filenames transmitted from a master node to a replica during full synchronization, enabling path traversal to arbitrary filesystem locations. Deployments using Kvrocks master-replica replication are affected; standalone instances with no replication configured are not exposed. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the targeted Kvrocks instance is configured as a replica and is in the process of performing a Fullsync with a master node. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | No CVSS vector or EPSS score has been published for CVE-2026-45188 as of the pre-NVD oss-security disclosure on 2026-06-25, preventing numeric risk quantification. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has compromised or controls a Kvrocks master node triggers a Fullsync with a target replica, sending a crafted SST filename containing path traversal sequences such as '../../etc/cron.d/backdoor' as part of the file list. The replica, lacking filename validation, writes attacker-controlled content to the traversed path on its filesystem. … |
| Remediation | Upgrade Apache Kvrocks to the patched version once released by the Apache Security Team - no confirmed fix version number is available in the current pre-NVD disclosure; monitor https://www.openwall.com/lists/oss-security/2026/06/25 and the Apache Kvrocks security page for the exact patched release. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-23 – Relative Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39334