GHSA-H39G-6X3C-7FQ9: GHSA-h39g-6x3c-7fq9: Path Confinement Bypass in Zio SubFileSystem

GHSA-h39g-6x3c-7fq9: Path Confinement Bypass in Zio SubFileSystem

Vulnerability ID: GHSA-H39G-6X3C-7FQ9
CVSS Score: 5.9
Published: 2026-04-18

The Zio library for .NET contains a path confinement bypass vulnerability allowing attackers to escape the SubFileSystem restricted directory structure. An attacker can use trailing slashes and traversal segments to read and write files in the parent filesystem.

TL;DR

Zio versions prior to 0.22.2 suffer from a path traversal vulnerability in SubFileSystem, enabling attackers to escape the directory sandbox.

---

⚠️ Exploit Status: POC

Technical Details

• CWE: CWE-22
• CVSS Score: 5.9
• Attack Vector: Network
• Impact: Confidentiality (Low), Integrity (Low)
• Exploit Status: Proof of Concept
• Fixed Version: 0.22.2

Affected Systems

• .NET applications utilizing the Zio library
• Zio SubFileSystem components processing user-supplied paths
• Zio: < 0.22.2 (Fixed in: 0.22.2)

Code Analysis

Commit: c8c2f53

Remove early return optimization in UPath and add perimeter validation in SubFileSystem to prevent traversal

Mitigation Strategies

• Update Zio library to version 0.22.2
• Implement manual path sanitization for user inputs before passing them to file system operations
• Apply least privilege principles to the parent filesystem mapping

Remediation Steps:

1. Identify all projects depending on the Zio library
2. Update the NuGet package reference for Zio to version 0.22.2
3. Compile and deploy the updated application code
4. Verify logging mechanisms to detect anomalies in path resolution

References

• GitHub Advisory GHSA-h39g-6x3c-7fq9
• OSV Record
• Zio NuGet Package

---

Read the full report for GHSA-H39G-6X3C-7FQ9 on our website for more details including interactive diagrams and full exploit analysis.