{"id":78039,"date":"2026-02-26T05:46:24","date_gmt":"2026-02-26T02:16:24","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-27969-vitess-users-with-backup-storage-access-can-write-to-arbitrary-file-paths-on-restore\/"},"modified":"2026-02-26T05:46:24","modified_gmt":"2026-02-26T02:16:24","slug":"cve-2026-27969-vitess-users-with-backup-storage-access-can-write-to-arbitrary-file-paths-on-restore","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-27969-vitess-users-with-backup-storage-access-can-write-to-arbitrary-file-paths-on-restore\/","title":{"rendered":"CVE-2026-27969 &#8211; Vitess users with backup storage access can write to arbitrary file paths on restore"},"content":{"rendered":"<p>CVE ID : CVE-2026-27969<\/p>\n<p>Published :  Feb. 26, 2026, 2:16 a.m. | 52\u00a0minutes ago<\/p>\n<p>Description : Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read\/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest \u2014 which may be files that they have also added to the manifest and backup contents \u2014\u00a0are written to any accessible location on restore. This is a common path traversal security issue. This can be used to provide that attacker with unintended\/unauthorized access to the production deployment environment \u2014 allowing them to access information available in that environment as well as run any additional arbitrary commands there. Versions 23.0.3 and 22.0.4 contain a patch. No known workarounds are available.<\/p>\n<p>Severity: 9.3 | CRITICAL<\/p>\n<p>Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2026-27969 Published : Feb. 26, 2026, 2:16 a.m. | 52\u00a0minutes ago Description : Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read\/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-78039","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/78039","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=78039"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/78039\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=78039"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=78039"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=78039"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}