CVE-2026-22249
7.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Summary
Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there are no validation on filename. This vulnerability is fixed in 0.24.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| docmost | docmost | < 0.24.0 | affected |
Weaknesses
- CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
- https://github.com/docmost/docmost/security/advisories/GHSA-54pm-hqxm-54wg
- https://github.com/docmost/docmost/pull/1753
- https://github.com/docmost/docmost/commit/c3b350d943108552e20654580005cd6f6c78ab05
- https://github.com/docmost/docmost/releases/tag/v0.24.0
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.