openziti — Vulnerabilities & Security Advisories 5

Browse all 5 CVE security advisories affecting openziti. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by openziti:zrok ziti-console

CVE ID	Title	CVSS	Severity	Published
CVE-2026-40304	zrok's broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records — zrokCWE-284	5.3	Medium	2026-04-17
CVE-2026-40303	zrok allows unauthenticated DoS via unbounded memory allocation in striped session cookie parsing — zrokCWE-400	7.5	High	2026-04-17
CVE-2026-40302	zrok has reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering — zrokCWE-79	6.1	Medium	2026-04-17
CVE-2025-27501	Server Side Request Forgery in Ziti Console — ziti-consoleCWE-918	8.6	High	2025-03-03
CVE-2025-27500	Cross Site Scripting potential in Ziti Console — ziti-consoleCWE-79	8.2	High	2025-03-03

This page lists every published CVE security advisory associated with openziti. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

openziti — Vulnerabilities & Security Advisories 5