Ctfer-Io Monitoring vulnerabilities
2 known vulnerabilities affecting ctfer-io/monitoring.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2026-32771P2CRITICALCVSS 9.8fixed in 0.2.22026-03-20
CVE-2026-32771 [CRITICAL] CWE-22 CVE-2026-32771: The CTFer.io Monitoring component is in charge of the collection, process and storage of various sig
The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go (lines 248–254) is vulnerable to Path Traversal due to a missing trailing path separator in the strings.HasPrefix
nvd
CVE-2026-32720P3HIGHCVSS 7.1fixed in 0.2.12026-03-16
CVE-2026-32720 [HIGH] CWE-284 CVE-2026-32720: The CTFer.io Monitoring component is in charge of the collection, process and storage of various sig
The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment pr
nvd