DEV Community: CVE Reports

GHSA-H39G-6X3C-7FQ9: GHSA-h39g-6x3c-7fq9: Path Confinement Bypass in Zio SubFileSystem

CVE Reports — Mon, 20 Apr 2026 03:40:20 +0000

GHSA-h39g-6x3c-7fq9: Path Confinement Bypass in Zio SubFileSystem

Vulnerability ID: GHSA-H39G-6X3C-7FQ9
CVSS Score: 5.9
Published: 2026-04-18

The Zio library for .NET contains a path confinement bypass vulnerability allowing attackers to escape the SubFileSystem restricted directory structure. An attacker can use trailing slashes and traversal segments to read and write files in the parent filesystem.

TL;DR

Zio versions prior to 0.22.2 suffer from a path traversal vulnerability in SubFileSystem, enabling attackers to escape the directory sandbox.

⚠️ Exploit Status: POC

Technical Details

CWE: CWE-22
CVSS Score: 5.9
Attack Vector: Network
Impact: Confidentiality (Low), Integrity (Low)
Exploit Status: Proof of Concept
Fixed Version: 0.22.2

Affected Systems

.NET applications utilizing the Zio library
Zio SubFileSystem components processing user-supplied paths
Zio: < 0.22.2 (Fixed in: 0.22.2)

Code Analysis

Commit: c8c2f53

Remove early return optimization in UPath and add perimeter validation in SubFileSystem to prevent traversal

Mitigation Strategies

Update Zio library to version 0.22.2
Implement manual path sanitization for user inputs before passing them to file system operations
Apply least privilege principles to the parent filesystem mapping

Remediation Steps:

Identify all projects depending on the Zio library
Update the NuGet package reference for Zio to version 0.22.2
Compile and deploy the updated application code
Verify logging mechanisms to detect anomalies in path resolution

References

Read the full report for GHSA-H39G-6X3C-7FQ9 on our website for more details including interactive diagrams and full exploit analysis.

GHSA-QRR6-MG7R-M243: GHSA-QRR6-MG7R-M243: Argument Injection and Remote Code Execution in PHPUnit JobRunner

CVE Reports — Mon, 20 Apr 2026 02:40:20 +0000

GHSA-QRR6-MG7R-M243: Argument Injection and Remote Code Execution in PHPUnit JobRunner

Vulnerability ID: GHSA-QRR6-MG7R-M243
CVSS Score: 7.8
Published: 2026-04-18

An argument injection vulnerability exists in PHPUnit's JobRunner component due to improper neutralization of metacharacters in PHP INI configuration values. This flaw allows an attacker to inject arbitrary INI directives during process forking, potentially leading to remote code execution within the context of continuous integration environments or testing workers.

TL;DR

PHPUnit versions prior to 13.1.6 fail to properly escape INI settings passed to child processes via the command line. Attackers who control configuration values can inject newlines to execute arbitrary files via injected INI directives.

⚠️ Exploit Status: POC

Technical Details

CWE ID: CWE-88 (Argument Injection or Modification)
Attack Vector: Local / CI Configuration
CVSS Score: 7.8 (High)
Exploit Status: Proof of Concept available
Impact: Remote Code Execution
Affected Component: phpunit/phpunit (JobRunner)

Affected Systems

PHPUnit JobRunner Component
Continuous Integration Pipelines executing PHPUnit
Automated Testing Workers with process isolation enabled
PHPUnit 13: < 13.1.6 (Fixed in: 13.1.6)
PHPUnit 12: < 12.x
PHPUnit 11: < 11.x

Mitigation Strategies

Upgrade PHPUnit to a secure version (13.1.6 or higher).
Implement strict code review requirements for modifications to phpunit.xml.
Enforce least-privilege principles for CI/CD runners and ephemeral build containers.
Integrate SAST tooling to scan for vulnerable composer.lock dependencies.
Sanitize environment variables injected into the CI pipeline.

Remediation Steps:

Identify all projects utilizing phpunit/phpunit via dependency analysis tools.
Update the composer.json file to require phpunit/phpunit ^13.1.6.
Execute composer update phpunit/phpunit to fetch the patched version.
Commit the updated composer.lock file to the repository.
Verify the pipeline execution to ensure compatibility with the updated testing framework.

Read the full report for GHSA-QRR6-MG7R-M243 on our website for more details including interactive diagrams and full exploit analysis.

GHSA-6G38-8J4P-J3PR: GHSA-6G38-8J4P-J3PR: Account Takeover via OAuth Email Verification Bypass in Nhost

CVE Reports — Mon, 20 Apr 2026 01:40:20 +0000

GHSA-6G38-8J4P-J3PR: Account Takeover via OAuth Email Verification Bypass in Nhost

Vulnerability ID: GHSA-6G38-8J4P-J3PR
CVSS Score: 9.3
Published: 2026-04-18

Nhost is vulnerable to a critical Improper Authentication flaw (CWE-287) that permits full account takeover. The vulnerability exists in the OAuth authentication flow, where multiple provider adapters fail to enforce email verification checks before automatically linking incoming external identities to existing local accounts.

TL;DR

A logic flaw in Nhost's OAuth implementation allows attackers to take over existing accounts by registering an unverified matching email address on third-party identity providers like Discord or Bitbucket.

⚠️ Exploit Status: POC

Technical Details

CWE ID: CWE-287
Attack Vector: Network
CVSS v4.0: 9.3
Impact: Complete Account Takeover
Exploit Status: Proof of Concept
Authentication Required: None

Affected Systems

Nhost Authentication Service
Discord OAuth Adapter
Bitbucket OAuth Adapter
AzureAD OAuth Adapter
EntraID OAuth Adapter
github.com/nhost/nhost: < 0.0.0-20260417112436-ec8dab3f2cf4 (Fixed in: 0.0.0-20260417112436-ec8dab3f2cf4)

Code Analysis

Commit: ec8dab3

Fix OAuth email verification bypass and introduce strict verification checks.

Mitigation Strategies

Software Update
Configuration Change
Code Audit

Remediation Steps:

Update the github.com/nhost/nhost package to a version containing commit ec8dab3f2cf46e1131ddaf893d56c37aa00380b2.
If patching is not possible, disable the Discord, Bitbucket, AzureAD, and EntraID OAuth login methods in the Nhost configuration.
Audit any custom-built OAuth provider adapters to ensure they correctly parse and enforce the external provider's email verification boolean flag.

References

Read the full report for GHSA-6G38-8J4P-J3PR on our website for more details including interactive diagrams and full exploit analysis.

GHSA-F58V-P6J9-24C2: GHSA-f58v-p6j9-24c2: Authenticated SQL Injection in YesWiki Bazar Module

CVE Reports — Mon, 20 Apr 2026 01:10:20 +0000

GHSA-f58v-p6j9-24c2: Authenticated SQL Injection in YesWiki Bazar Module

Vulnerability ID: GHSA-F58V-P6J9-24C2
CVSS Score: 8.8
Published: 2026-04-18

An authenticated SQL Injection vulnerability exists in the Bazar module of YesWiki. The flaw allows authenticated attackers to execute arbitrary SQL commands via the id_fiche parameter, potentially resulting in full database compromise.

TL;DR

YesWiki versions prior to 4.6.1 contain a high-severity SQL Injection vulnerability (CWE-89) in the EntryManager service. An authenticated attacker can append raw SQL to the id_fiche parameter, enabling data exfiltration and database modification.

⚠️ Exploit Status: POC

Technical Details

CWE ID: CWE-89
Attack Vector: Network
CVSS Score: 8.8
Privileges Required: Low
Exploit Status: PoC Available
KEV Status: Not Listed

Affected Systems

YesWiki (Bazar module) installations prior to version 4.6.1
yeswiki/yeswiki: < 4.6.1 (Fixed in: 4.6.1)

Exploit Details

GitHub Security Advisory: Advisory documenting the time-based blind and error-based SQL injection vectors.
PoC Evidence Image: Image confirming the SLEEP(3) payload execution.

Mitigation Strategies

Update YesWiki to the latest patched version.
Deploy Web Application Firewall (WAF) rules to detect and block SQL injection payloads targeting the /api/entries/ endpoint.

Remediation Steps:

Verify the current version of the YesWiki installation.
Download YesWiki version 4.6.1 or later.
Backup the existing YesWiki directory and database.
Apply the update by replacing the core files according to the YesWiki upgrade documentation.
Verify the application functions properly and test the patch by submitting a benign payload.

References

Read the full report for GHSA-F58V-P6J9-24C2 on our website for more details including interactive diagrams and full exploit analysis.

CVE-2026-6437: CVE-2026-6437: Mount Option Injection in Amazon EFS CSI Driver

CVE Reports — Mon, 20 Apr 2026 00:40:22 +0000

CVE-2026-6437: Mount Option Injection in Amazon EFS CSI Driver

Vulnerability ID: CVE-2026-6437
CVSS Score: 6.5
Published: 2026-04-18

The Amazon EFS CSI Driver contains an argument injection vulnerability (CWE-88) in versions prior to v3.0.1. Unsanitized values in the volumeHandle and mounttargetip fields allow authenticated users with PersistentVolume creation permissions to inject arbitrary mount options.

TL;DR

Authenticated Kubernetes users can bypass mount restrictions by injecting arbitrary comma-separated mount options via unsanitized PersistentVolume fields in the AWS EFS CSI Driver.

Technical Details

CWE ID: CWE-88: Argument Injection
Attack Vector: Network
CVSS v3.1 Score: 6.5 (Medium)
EPSS Score: 0.00029 (8.06%)
Privileges Required: High (PersistentVolume Creation)
Exploit Status: Unexploited / PoC available
CISA KEV: Not Listed

Affected Systems

Amazon EFS CSI Driver (aws-efs-csi-driver) versions < 3.0.1
Kubernetes clusters utilizing the vulnerable AWS EFS CSI driver
aws-efs-csi-driver: < 3.0.1 (Fixed in: 3.0.1)

Code Analysis

Commit: 51806c2

Fix argument injection in mount options by adding strict net.ParseIP validation to mounttargetip field.

Mitigation Strategies

Upgrade the Amazon EFS CSI Driver daemonset to v3.0.1 or higher.
Restrict Kubernetes RBAC permissions for PersistentVolume and StorageClass creation.
Deploy OPA Gatekeeper or Kyverno policies to validate and sanitize volume attributes.
Monitor Kubernetes audit logs for irregular characters in volume provisioning requests.

Remediation Steps:

Identify the current version of the aws-efs-csi-driver deployed in the cluster.
Review RBAC roles to ensure only cluster-admin equivalents can create PersistentVolumes.
Apply the v3.0.1 (or latest) release manifests or update the corresponding Helm chart.
Verify the daemonset rollout across all worker nodes is complete.
Test volume provisioning to confirm the updated driver maintains operational functionality.

References

Read the full report for CVE-2026-6437 on our website for more details including interactive diagrams and full exploit analysis.

GHSA-MJW2-V2HM-WJ34: GHSA-MJW2-V2HM-WJ34: SQL Injection in Dagster Dynamic Partitions

CVE Reports — Mon, 20 Apr 2026 00:10:20 +0000

GHSA-MJW2-V2HM-WJ34: SQL Injection in Dagster Dynamic Partitions

Vulnerability ID: GHSA-MJW2-V2HM-WJ34
CVSS Score: 8.3
Published: 2026-04-18

A high-severity SQL injection vulnerability in Dagster's database I/O manager integrations allows users with dynamic partition creation privileges to execute arbitrary SQL commands. This flaw affects the DuckDB, Snowflake, BigQuery, and DeltaLake integrations due to improper sanitization of dynamic partition keys.

TL;DR

Dagster I/O managers fail to sanitize dynamic partition keys, enabling SQL injection via unescaped string literals. Upgrading to Dagster 1.13.1 and integration packages 0.29.1 resolves the issue, or users can apply a manual runtime monkey patch.

⚠️ Exploit Status: POC

Technical Details

CWE ID: CWE-89
CVSS Score: 8.3 (High)
Attack Vector: Network (API/UI)
Authentication Required: Low (Requires API Access)
Impact Context: I/O Manager Database Scope
Patch Status: Available (1.13.1 / 0.29.1)

Affected Systems

Dagster Core
dagster-duckdb
dagster-snowflake
dagster-gcp
dagster-deltalake
dagster: >= 1.1.21, < 1.13.1 (Fixed in: 1.13.1)
dagster-duckdb: >= 0.17.21, < 0.29.1 (Fixed in: 0.29.1)
dagster-snowflake: >= 0.17.21, < 0.29.1 (Fixed in: 0.29.1)
dagster-gcp: >= 0.17.21, < 0.29.1 (Fixed in: 0.29.1)
dagster-deltalake: < 0.29.1 (Fixed in: 0.29.1)

Mitigation Strategies

Upgrade the core dagster package to >= 1.13.1
Upgrade affected integration packages (duckdb, snowflake, gcp, deltalake) to >= 0.29.1
Implement runtime monkey patch in definitions.py if upgrading is delayed
Restrict 'Add Dynamic Partitions' permissions via RBAC in Dagster+

Remediation Steps:

Identify all deployed Dagster environments using dynamic partitions and the affected I/O managers.
Update the project dependencies: pip install dagster>=1.13.1 dagster-gcp>=0.29.1 (or other relevant integrations).
Re-deploy the Dagster code locations and webserver instances.
If patching is delayed, copy the provided workaround snippet matching your specific database backend and insert it at the top of definitions.py.
Restart the Dagster processes to apply the monkey patch.

References

Read the full report for GHSA-MJW2-V2HM-WJ34 on our website for more details including interactive diagrams and full exploit analysis.

GHSA-XJVP-7243-RG9H: GHSA-xjvp-7243-rg9h: Critical Path Traversal in Wish SCP Middleware Allows Arbitrary File Read/Write

CVE Reports — Sun, 19 Apr 2026 22:40:20 +0000

GHSA-xjvp-7243-rg9h: Critical Path Traversal in Wish SCP Middleware Allows Arbitrary File Read/Write

Vulnerability ID: GHSA-XJVP-7243-RG9H
CVSS Score: 9.6
Published: 2026-04-18

A critical path traversal vulnerability in the SCP middleware of the Wish Go library (GHSA-xjvp-7243-rg9h) permits attackers to read and write arbitrary files outside the configured root directory. The flaw originates from insufficient path sanitization in the fileSystemHandler.prefixed() method, enabling severe impacts including remote code execution if critical system files are overwritten. Exploitation requires authentication unless the target server explicitly runs without authentication protocols.

TL;DR

A path traversal flaw in the Wish SCP middleware allows arbitrary file read and write operations outside the designated root directory via crafted SCP requests.

⚠️ Exploit Status: POC

Technical Details

Advisory ID: GHSA-xjvp-7243-rg9h
CVSS Score: 9.6
Attack Vector: Network
CWE ID: CWE-22
Impact: Arbitrary File Read/Write
Exploit Status: Proof-of-Concept Available

Affected Systems

Custom SSH Servers built with charm.land/wish/v2 <= 2.0.0
Custom SSH Servers built with github.com/charmbracelet/wish <= 1.4.7
charm.land/wish/v2: <= 2.0.0 (Fixed in: 2.0.1)
github.com/charmbracelet/wish: <= 1.4.7 (Fixed in: None)

Mitigation Strategies

Dependency Upgrade
Service Disablement
Defense-in-Depth Isolation

Remediation Steps:

Update go.mod to use charm.land/wish/v2 v2.0.1 or higher.
Execute go mod tidy to download the patched dependencies.
Recompile the Go application.
Restart the custom SSH server service.

References

Read the full report for GHSA-XJVP-7243-RG9H on our website for more details including interactive diagrams and full exploit analysis.

GHSA-JM8C-9F3J-4378: GHSA-jm8c-9f3j-4378: Unauthenticated Email Content Injection in Pretalx Template Engine

CVE Reports — Sun, 19 Apr 2026 22:10:20 +0000

GHSA-jm8c-9f3j-4378: Unauthenticated Email Content Injection in Pretalx Template Engine

Vulnerability ID: GHSA-JM8C-9F3J-4378
CVSS Score: 6.1
Published: 2026-04-18

Pretalx versions prior to 2026.1.0 contain a template injection vulnerability allowing unauthenticated attackers to embed malformed HTML and Markdown into system-generated emails. By exploiting unsanitized placeholders in the mail generation engine, attackers can spoof trusted communications that pass SPF, DKIM, and DMARC validations.

TL;DR

Unauthenticated attackers can inject malicious links into official Pretalx emails by manipulating user-controlled profile fields, bypassing email sender reputation checks.

⚠️ Exploit Status: POC

Technical Details

Vulnerability Type: Email Content Injection
Primary CWE: CWE-1336
Attack Vector: Network
Privileges Required: None
User Interaction: Required
CVSS v3.1 Score: 6.1
Exploit Status: Proof of Concept

Affected Systems

pretalx (PyPI)
pretalx: < 2026.1.0 (Fixed in: 2026.1.0)

Mitigation Strategies

Upgrade the Pretalx application to the latest stable release containing the security patch.
Apply localized template escaping filters to user-controlled variables if immediate upgrade is not possible.
Implement registration endpoint monitoring to detect anomalous payload signatures in profile fields.

Remediation Steps:

Verify the current running version of Pretalx via the administration dashboard or application environment.
Pull the latest pretalx package version (2026.1.0 or newer) from PyPI.
Execute the deployment upgrade sequence, ensuring all static files and database migrations are applied.
Review user databases for accounts created with HTML or Markdown syntax in the name fields to identify previous exploitation attempts.

References

Read the full report for GHSA-JM8C-9F3J-4378 on our website for more details including interactive diagrams and full exploit analysis.

GHSA-CJCX-JFP2-F7M2: GHSA-CJCX-JFP2-F7M2: High-Severity Stored XSS in Pretalx Organizer Search Interface

CVE Reports — Sun, 19 Apr 2026 17:40:20 +0000

GHSA-CJCX-JFP2-F7M2: High-Severity Stored XSS in Pretalx Organizer Search Interface

Vulnerability ID: GHSA-CJCX-JFP2-F7M2
CVSS Score: 8.7
Published: 2026-04-18

Pretalx versions prior to 2026.1.0 contain a high-severity stored Cross-Site Scripting (XSS) vulnerability within the organizer-facing search interface. Low-privileged users, such as speakers or proposal submitters, can inject malicious JavaScript into their profiles or submissions. When an organizer searches for these records, the application insecurely renders the results using innerHTML, leading to arbitrary script execution in the organizer's browser.

TL;DR

A stored XSS vulnerability in the Pretalx search typeahead feature allows low-privileged users to execute arbitrary JavaScript in the context of administrative organizer accounts, enabling session hijacking and unauthorized administrative actions.

⚠️ Exploit Status: POC

Technical Details

Vulnerability Type: Stored Cross-Site Scripting (XSS)
CWE ID: CWE-79
CVSS Score: 8.7 (High)
Attack Vector: Network
Privileges Required: Low (Submitter/Speaker)
User Interaction: Required (Organizer must search)
Exploit Status: Proof of Concept Available

Affected Systems

Pretalx (Organizer Backend Interface)
pretalx: < 2026.1.0 (Fixed in: 2026.1.0)

Mitigation Strategies

Upgrade Pretalx to version 2026.1.0 or higher.
Apply manual patch to frontend JavaScript files replacing innerHTML with textContent.
Implement Web Application Firewall (WAF) rules to detect and block common XSS payloads in profile update and proposal submission endpoints.
Avoid utilizing the organizer backend search feature until a patch is applied.

Remediation Steps:

Verify current Pretalx version using the application dashboard or package manager.
Schedule a maintenance window for the application upgrade.
Upgrade the Pretalx package via pip: pip install --upgrade pretalx>=2026.1.0.
Run database migrations and re-collect static files as per the Pretalx upgrade documentation.
Restart the application server to apply changes.

References

Read the full report for GHSA-CJCX-JFP2-F7M2 on our website for more details including interactive diagrams and full exploit analysis.

GHSA-9J88-VVJ5-VHGR: GHSA-9j88-vvj5-vhgr: STARTTLS Response Injection and SASL Downgrade in MailKit

CVE Reports — Sun, 19 Apr 2026 16:40:20 +0000

GHSA-9j88-vvj5-vhgr: STARTTLS Response Injection and SASL Downgrade in MailKit

Vulnerability ID: GHSA-9J88-VVJ5-VHGR
CVSS Score: 6.5
Published: 2026-04-18

MailKit versions prior to 4.16.0 contain a STARTTLS response injection vulnerability. A network-positioned attacker can inject plaintext protocol responses into the client's internal read buffer before the TLS handshake completes, causing the client to process the injected data post-TLS. This flaw typically facilitates SASL mechanism downgrades.

TL;DR

A flaw in MailKit's stream handling allows a Man-in-the-Middle attacker to inject malicious protocol data during the STARTTLS upgrade. The unflushed internal buffer causes the client to process this unencrypted data as a legitimate post-TLS response, enabling authentication downgrades.

⚠️ Exploit Status: POC

Technical Details

CWE ID: CWE-74
Attack Vector: Network (MitM)
CVSS Score: 6.5
Impact: Integrity (High) - SASL Downgrade
Exploit Status: Proof-of-Concept

Affected Systems

MailKit < 4.16.0
MailKit: < 4.16.0 (Fixed in: 4.16.0)

Mitigation Strategies

Update MailKit to version 4.16.0 or newer.
Enforce implicit TLS (SslOnConnect) on dedicated secure ports (465, 993, 995) instead of relying on STARTTLS.

Remediation Steps:

Identify projects referencing MailKit via csproj or packages.config.
Update the NuGet package reference to version 4.16.0 or higher.
Recompile and deploy the application.
Audit network configurations to ensure implicit TLS is preferred over explicit STARTTLS.

References

Read the full report for GHSA-9J88-VVJ5-VHGR on our website for more details including interactive diagrams and full exploit analysis.

GHSA-452V-W3GX-72WG: GHSA-452v-w3gx-72wg: Remote Denial of Service via Identity Point Panic in Zebra Zcash Node

CVE Reports — Sun, 19 Apr 2026 14:10:20 +0000

GHSA-452v-w3gx-72wg: Remote Denial of Service via Identity Point Panic in Zebra Zcash Node

Vulnerability ID: GHSA-452V-W3GX-72WG
CVSS Score: 8.7
Published: 2026-04-18

The Zebra Zcash node implementation is vulnerable to a critical remote denial-of-service attack due to a logic error in Orchard transaction verification. An unhandled exception occurs when processing the randomized validating key (rk) if it is set to the Pallas curve identity point.

TL;DR

An unauthenticated remote attacker can crash a vulnerable Zebra node by broadcasting a crafted Orchard transaction where the rk field is the identity point. This triggers an .unwrap() panic in the underlying orchard crate, leading to immediate process termination.

Technical Details

CWE ID: CWE-248
Attack Vector: Network
CVSS 4.0: 8.7
Impact: Denial of Service
Exploit Status: none
KEV Status: Not Listed

Affected Systems

Zebra (zebrad)
Zebra (zebra-chain)
Zcash network nodes
Zebra: < 4.3.1 (Fixed in: 4.3.1)

Mitigation Strategies

Upgrade all Zebra nodes to version 4.3.1 or later.
Monitor process logs for panics related to the orchard crate or circuits.rs.
Adhere to the updated Zcash protocol specification regarding the rejection of identity rk values.

Remediation Steps:

Stop the running zebrad service.
Download or compile Zebra version 4.3.1.
Restart the zebrad service with the updated binary.
Verify that the node resumes syncing and processing transactions correctly.

References

Read the full report for GHSA-452V-W3GX-72WG on our website for more details including interactive diagrams and full exploit analysis.

GHSA-29X4-R6JV-FF4W: GHSA-29X4-R6JV-FF4W: Denial of Service via Interrupted JSON-RPC Requests in Zebra zebra-rpc

CVE Reports — Sun, 19 Apr 2026 13:40:20 +0000

GHSA-29X4-R6JV-FF4W: Denial of Service via Interrupted JSON-RPC Requests in Zebra zebra-rpc

Vulnerability ID: GHSA-29X4-R6JV-FF4W
CVSS Score: 6.5
Published: 2026-04-18

A Denial of Service (DoS) vulnerability exists in the Zebra Zcash node's JSON-RPC interface. An authenticated attacker can crash the node daemon by abruptly terminating an HTTP request during the payload transmission phase, exploiting unhandled I/O errors in the zebra-rpc crate.

TL;DR

Zebra nodes prior to version 4.3.1 are vulnerable to a persistent DoS attack. Authenticated clients sending partial HTTP requests followed by a TCP RST can trigger an unhandled panic in the RPC middleware.

Technical Details

Advisory ID: GHSA-29X4-R6JV-FF4W
CWE Class: CWE-248 (Uncaught Exception)
Attack Vector: Network
Authentication Required: Yes
Base CVSS Score: 6.5
Exploit Status: None
Patched Version: 4.3.1

Affected Systems

zebra-rpc crate
zebrad node daemon
zebra-rpc: < 4.3.1 (Fixed in: 4.3.1)
zebrad: < 4.3.1 (Fixed in: 4.3.1)

Mitigation Strategies

Upgrade the Zebra daemon to version 4.3.1 or higher.
Restrict JSON-RPC port access to trusted loopback interfaces.
Enforce strict firewall rules preventing external connections to port 8232 or 18232.
Implement process managers (e.g., systemd) configured to automatically restart the node upon unexpected termination.

Remediation Steps:

Verify current node version with zebrad --version.
Download the Zebra v4.3.1 release binaries or fetch the latest source code from the main repository.
Stop the running Zebra daemon.
Replace the existing zebrad binary with the v4.3.1 build.
Restart the node and verify that the daemon synchronizes properly with the network.

References

Read the full report for GHSA-29X4-R6JV-FF4W on our website for more details including interactive diagrams and full exploit analysis.