TROYANOSYVIRUS
Volver a CVEs

CVE-2026-32771

CRITICAL
9.8

Descripcion

The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go (lines 248–254) is vulnerable to Path Traversal due to a missing trailing path separator in the strings.HasPrefix check. The extractor allows arbitrary file writes (e.g., overwriting shell configs, SSH keys, kubeconfig, or crontabs), enabling RCE and persistent backdoors. The attack surface is further amplified by the default ReadWriteMany PVC access mode, which lets any pod in the cluster inject a malicious payload. This issue has been fixed in version 0.2.2.

Detalles CVE

Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado3/20/2026
Ultima modificacion4/16/2026
Fuentenvd
Avistamientos honeypot0

Productos afectados

ctfer:monitoring

Debilidades (CWE)

CWE-22

Referencias

https://github.com/ctfer-io/monitoring/commit/269dba165aa42210352628c0db6756f3b8fd3c8a(security-advisories@github.com)
https://github.com/ctfer-io/monitoring/security/advisories/GHSA-f7cq-gvh6-qr25(security-advisories@github.com)
https://security.snyk.io/research/zip-slip-vulnerability#expandable-socPI9fFAJ-title(security-advisories@github.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.