Quarkus Openapi Generator

1 CVE for this product

CVE-2026-40180 HIGH PATCH This Week

A path traversal vulnerability in Quarkus OpenAPI Generator (Quarkiverse) versions prior to 2.16.0 and 2.15.0-lts allows unauthenticated remote attackers to write arbitrary files outside the intended directories via malicious ZIP archives. The unzip() method in ApicurioCodegenWrapper.java fails to validate file paths during extraction, so path traversal sequences (../../) bypass the output directory restriction and result in an arbitrary file write with high integrity impact. No public exploit identified at time of analysis. Affects Java-based Quarkus extensions for REST client and server stub generation.

Java Path Traversal Quarkus Openapi Generator
NVD GitHub
CVSS 4.0: 7.7
EPSS: 0.0%