Vitess

2 CVEs product

CVE-2026-27969 Go HIGH PATCH This Week

Path traversal in Vitess backup manifest handling allows authenticated attackers with access to backup storage to write arbitrary files to any location during restore operations, potentially achieving remote code execution on production MySQL deployments. An attacker can manipulate backup manifests to extract files outside intended directories, gaining unauthorized access to sensitive data and the ability to execute arbitrary commands in the production environment. Patches are available for versions 23.0.3 and 22.0.4.

Tags: Path Traversal, MySQL, Vitess, Suse
References: NVD, GitHub
CVSS 3.1: 8.8
EPSS: 0.0%

CVE-2026-27965 Go CRITICAL PATCH Act Now

Command injection in Vitess MySQL clustering system before 23.0.3/22.0.4. Users with read/write access to the backup store can achieve code execution. Patch available.

Tags: MySQL, Vitess, Suse
References: NVD, GitHub
CVSS 3.1: 9.9
EPSS: 0.1%