CVE

CVE-2026-25116

Runtipi vulnerable to unauthenticated docker-compose.yml Overwrite via Path Traversal

CVE

CVE-2026-25116

Runtipi vulnerable to unauthenticated docker-compose.yml Overwrite via Path Traversal

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN parsing, an attacker can replace the primary stack configuration with a malicious one, resulting in full Remote Code Execution (RCE) and host filesystem compromise the next time the instance is restarted by the operator. Version 4.7.2 fixes the vulnerability.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

7.6

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L

Related Resources

No items found.

References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25116.json, https://github.com/runtipi/runtipi/releases/tag/v4.7.2, https://github.com/runtipi/runtipi/security/advisories/GHSA-mwg8-x997-cqw6, https://nvd.nist.gov/vuln/detail/CVE-2026-25116

Severity

7.6

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.6

EPSS Probability

0.00073%

EPSS Percentile

0.21928%

Introduced Version

93120bb092e54f6ceda4c58bb181238669913165

Fix Available

6f4ad632cb23ffa2c1ccdce0e5fd076cad6394f5

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2026-25116

CVE-2026-25116

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

7.6

Basic Information

Fix Critical Vulnerabilities Instantly