CVE-2026-27969: Vitess users with backup storage access can write to arbitrary file paths on restore
Anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest — which may be files that they have also added to the manifest and backup contents — are written to any accessible location on restore. This is a common Path Traversal security issue. This can be used to provide that attacker with unintended/unauthorized access to the production deployment environment — allowing them to access information available in that environment as well as run any additional arbitrary commands there.
References
- github.com/advisories/GHSA-r492-hjgh-c9gw
- github.com/vitessio/vitess
- github.com/vitessio/vitess/commit/c565cab615bc962bda061dcd645aa7506c59ca4a
- github.com/vitessio/vitess/pull/19470
- github.com/vitessio/vitess/security/advisories/GHSA-r492-hjgh-c9gw
- nvd.nist.gov/vuln/detail/CVE-2026-27969
- owasp.org/www-community/attacks/Path_Traversal
Code Behaviors & Features
Detect and mitigate CVE-2026-27969 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →