pkg:Go/github.com/openziti/zrok/v2

5 total CVEsHIGH2MEDIUM2

✅ Check your installed version

All known vulnerabilities

  • HIGH8.7CVE-2026-42275zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write
    from 0, < 2.0.2
  • HIGH7.5CVE-2026-40303zrok: Unauthenticated DoS via unbounded memory allocation in striped session cookie parsing
    from 0, < 2.0.1
  • MEDIUM6.1CVE-2026-40302zrok: Reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering
    from 0, < 2.0.1
  • MEDIUM5.3CVE-2026-40304zrok: Broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records
    from 0, < 2.0.1
  • CVE-2026-45576zrok copy writes attacker-controlled WebDAV paths outside the destination root
    from 0, < 2.0.3