CVE-2026-32771

The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go (lines 248–254) is vulnerable to Path Traversal due to a missing trailing path separator in the strings.HasPrefix check. The extractor allows arbitrary file writes (e.g., overwriting shell configs, SSH keys, kubeconfig, or crontabs), enabling RCE and persistent backdoors. The attack surface is further amplified by the default ReadWriteMany PVC access mode, which lets any pod in the cluster inject a malicious payload. This issue has been fixed in version 0.2.2.

CVSS

No CVSS.

References

Link	Resource
https://github.com/ctfer-io/monitoring/commit/269dba165aa42210352628c0db6756f3b8fd3c8a
https://github.com/ctfer-io/monitoring/security/advisories/GHSA-f7cq-gvh6-qr25
https://security.snyk.io/research/zip-slip-vulnerability#expandable-socPI9fFAJ-title

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-20 01:15

Updated : 2026-03-20 13:37

NVD link : CVE-2026-32771

Mitre link : CVE-2026-32771

CVE.ORG link : CVE-2026-32771

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2026-32771", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-20T01:15:55.940", "references": [{"url": "https://github.com/ctfer-io/monitoring/commit/269dba165aa42210352628c0db6756f3b8fd3c8a", "source": "security-advisories@github.com"}, {"url": "https://github.com/ctfer-io/monitoring/security/advisories/GHSA-f7cq-gvh6-qr25", "source": "security-advisories@github.com"}, {"url": "https://security.snyk.io/research/zip-slip-vulnerability#expandable-socPI9fFAJ-title", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go (lines 248\u2013254) is vulnerable to Path Traversal due to a missing trailing path separator in the strings.HasPrefix check. The extractor allows arbitrary file writes (e.g., overwriting shell configs, SSH keys, kubeconfig, or crontabs), enabling RCE and persistent backdoors. The attack surface is further amplified by the default ReadWriteMany PVC access mode, which lets any pod in the cluster inject a malicious payload. This issue has been fixed in version 0.2.2."}, {"lang": "es", "value": "El componente de monitoreo de CTFer.io se encarga de la recolecci\u00f3n, procesamiento y almacenamiento de varias se\u00f1ales (es decir, registros, m\u00e9tricas y trazas distribuidas). En versiones anteriores a la 0.2.2, la funci\u00f3n sanitizeArchivePath en pkg/extract/extract.go (l\u00edneas 248\u2013254) es vulnerable a salto de ruta debido a la falta de un separador de ruta final en la verificaci\u00f3n strings.HasPrefix. El extractor permite escrituras de archivos arbitrarias (por ejemplo, sobrescribir configuraciones de shell, claves SSH, kubeconfig o crontabs), lo que permite RCE y puertas traseras persistentes. La superficie de ataque se amplifica a\u00fan m\u00e1s por el modo de acceso predeterminado ReadWriteMany de PVC, que permite a cualquier pod en el cl\u00faster inyectar una carga \u00fatil maliciosa. Este problema ha sido solucionado en la versi\u00f3n 0.2.2."}], "lastModified": "2026-03-20T13:37:50.737", "sourceIdentifier": "security-advisories@github.com"}