Siderolabs Omni CVE-2026-45723
LOWSeverity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionGitHub Advisory
Summary
managementServer.CreateSchematic (internal/backend/grpc/schematics.go) passes the caller-controlled TalosVersion field directly to imageFactoryClient.OverlaysVersions, which embeds it verbatim into a fmt.Sprintf("/version/%s/overlays/official", talosVersion) path template. url.URL.JoinPath resolves any ../ sequences in that path, allowing an authenticated Operator to rewrite the URL path and force Omni to issue HTTP GET requests to unintended paths on the configured image-factory server. Error body content from those unintended endpoints is returned to the caller.
Severity
- Attack Vector: Network: exploited via the gRPC
CreateSchematicAPI endpoint. - Attack Complexity: Low: once the attacker holds an Operator credential and has identified a media ID with an overlay, exploitation is a single API call.
- Privileges Required: High:
role.Operatoris required, which has administrative capabilities on Omni. - User Interaction: None.
- Scope: Unchanged: the traversal is constrained to the configured image-factory host; the attacker cannot redirect Omni to an arbitrary external server.
- Confidentiality Impact: Low: error body content from unintended image-factory endpoints is reflected back to the operator, potentially leaking server-internal information.
- Integrity Impact: None: only HTTP GET requests are issued; no write operations are performed.
- Availability Impact: None.
Impact
- Same-host path traversal: An authenticated Operator can force Omni to issue GET requests to arbitrary URL paths on the configured image-factory server, bypassing the intended versioned overlay API structure.
- Error-body disclosure: HTTP error responses from unintended image-factory endpoints are reflected back to the operator, potentially leaking server-internal diagnostics or sensitive path content.
- Internal network probing: In deployments using a private image-factory instance on an internal network, the attacker can probe endpoint existence and partial responses through error-text differences.
- Depth control: By varying the number of
../prefixes intalosVersion, the attacker can reach any path hierarchy on the image-factory host.
Credit
This vulnerability was discovered and reported by bugbunny.ai.
AnalysisAI
Path traversal in Siderolabs Omni's CreateSchematic gRPC endpoint allows an authenticated Operator to force the server to issue HTTP GET requests to arbitrary paths on the configured image-factory host by injecting ../ sequences into the TalosVersion field. The CVSS score of 2.7 (PR:H, C:L) reflects that exploitation requires a high-privilege Operator credential and yields only limited confidentiality impact - error body content from unintended image-factory endpoints is reflected back to the caller. No public exploit or CISA KEV listing exists at time of analysis, placing this in a low-priority patch tier for most deployments.
Technical ContextAI
The vulnerable code resides in internal/backend/grpc/schematics.go within the managementServer.CreateSchematic handler. The caller-supplied TalosVersion gRPC field is passed unsanitized to imageFactoryClient.OverlaysVersions, which embeds it verbatim into a fmt.Sprintf("/version/%s/overlays/official", talosVersion) path template. Go's url.URL.JoinPath resolves ../ dot-segment sequences per RFC 3986, allowing traversal above the intended path hierarchy. CWE-20 (Improper Input Validation) is the root cause class - the server trusts caller-controlled input for URL path construction without stripping traversal characters or canonicalizing the resulting path before use. The affected package is pkg:go/github.com_siderolabs_omni (Go module github.com/siderolabs/omni).
RemediationAI
Upgrade to Siderolabs Omni v1.6.6 for 1.6.x deployments or v1.7.3 for 1.7.x deployments; binaries and release notes are available at https://github.com/siderolabs/omni/releases/tag/v1.6.6 and https://github.com/siderolabs/omni/releases/tag/v1.7.3. Before upgrading to v1.6.6, operators must remove all deprecated flags and config keys introduced in v1.4.0 (including --audit-log-dir, --secondary-storage-path, --machine-log-storage-path, and others listed in the release notes) as their presence will cause startup failure. Operators upgrading from versions older than v1.4.0 must first upgrade to a v1.4.x release to complete data migrations before targeting v1.6.6. If immediate patching is not feasible, restrict role.Operator assignments to the minimum set of trusted accounts; this does not eliminate the vulnerability but reduces the attacker population. No other workarounds that address the root input-validation defect without patching are documented in the advisory.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-c66c-vq6w-fvh5