CVE-2026-27969 — Path Traversal in Vitess
Severity
9.3 CRITICAL (NVD)
EPSS
0.1%
top 79.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 26
Latest update: Apr 11
Description
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest — which may be files that they have also added to the manifest and backup contents — are written to any accessible location on restore. This is a common path traversal security issue. This can be used to provide that attacker with unintended/u…
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:L/SC:L/SI:H/SA:H
Affected Packages: 7 packages
Vulnerability Details
OSV (4)
Vitess users with backup storage access can write to arbitrary file paths in vitess.io/vitess (2026-03-10)
GHSA
Vendor Advisories
Microsoft (1)