VIR Vulnerability Intelligence Relay

Package impact

golang Go / github.com/openziti/zrok/v2

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-42275 high 8.7 8.7 22d ago zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write
CVE-2026-45576 high 8.0 10d ago zrok copy writes attacker-controlled WebDAV paths outside the destination root
CVE-2026-40304 unknown 1mo ago zrok: Broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records
CVE-2026-40303 unknown 1mo ago zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing
CVE-2026-40302 unknown 1mo ago zrok: Reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering