CVE-2026-35465

EPSS 0.44%
Veröffentlicht 18.04.2026 00:41:16
Zuletzt bearbeitet 23.04.2026 18:31:44
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

SecureDrop Client has path injection in read_gzip_header_filename()

SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's virtual machine (sd-app) by exploiting improper filename validation in gzip archive extraction, which permits absolute paths and enables overwriting critical files like the SQLite database. Exploitation requires prior compromise of the dedicated SecureDrop Server, which itself is hardened and only accessible via Tor hidden services. Despite the high attack complexity, the vulnerability is rated High severity due to its significant impact on confidentiality, integrity, and availability of decrypted source submissions. This issue is similar to CVE-2025-24888 but occurs through a different code path, and a more robust fix has been implemented in the replacement SecureDrop Inbox codebase. The issue has been fixed in version 0.17.5.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Freedom ≫ Securedrop-client Version < 0.17.5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.44%	0.349

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-36 Absolute Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

https://github.com/freedomofpress/securedrop-client/security/advisories/GHSA-2jrc-x8fq-prvc

Vendor Advisory

https://github.com/freedomofpress/securedrop-client/commit/e518adaf897e7838467ccf9e1f28152ae6fe3655

Patch

https://github.com/freedomofpress/securedrop-client/blob/8dc8bb6e307b13876d67f72d8a071202e2f39ab5/changelog.md?plain=1#L8

Product

https://nvd.nist.gov/vuln/detail/CVE-2026-35465

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-35465

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-35465

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-35465