CVE-2026-3223

CWE-22Path Traversal3 documents3 sources
Severity
8.4HIGH
EPSS
0.0%
top 96.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google WEB Designer
Timeline
PublishedFeb 27

Description

Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5google/web_designer< 14.2.2.0

🔴Vulnerability Details

2
GHSA
GHSA-pcr3-6v45-6mc2: Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer2026-02-27
CVEList
Zip Slip leading to Arbitrary File Write and Privilege Escalation in Google Web Designer2026-02-27
CVE-2026-3223 (HIGH CVSS 8.4) | Arbitrary file write & potential pr | cvebase.io