Linuxfoundation Vitess vulnerabilities
4 known vulnerabilities affecting linuxfoundation/vitess.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1, LOW 1
Vulnerabilities
CVE-2026-27969 | CRITICAL | CVSS 9.3 | CWE-22 | fixed in 22.0.4 | ≥ 23.0.0, < 23.0.3 | 2026-02-26
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest — which may be files that they have also added to the manifest and backup contents — are writ
nvd
CVE-2026-27965 | HIGH | CVSS 8.4 | CWE-78 | fixed in 22.0.4 | ≥ 23.0.0, < 23.0.3 | 2026-02-26
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored. This can be used to provide that attacker with unintende
nvd
CVE-2023-29195 | MEDIUM | CVSS 4.3 | CWE-20 | fixed in 16.0.2 | 2023-05-11
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view
nvd
CVE-2023-29194 | LOW | CVSS 2.7 | CWE-20 | fixed in 16.0.1 | 2023-04-14
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an err
nvd