CVE-2026-41231 in Froxlorinformação

Sumário

de MITRE • 23/04/2026

Froxlor is open source server administration software. Prior to version 2.3.6, `DataDump.add()` constructs the export destination path from user-supplied input without passing the `$fixed_homedir` parameter to `FileDir::makeCorrectDir()`, bypassing the symlink validation that was added to all other customer-facing path operations (likely as the fix for CVE-2023-6069). When the ExportCron runs as root, it executes `chown -R` on the resolved symlink target, allowing a customer to take ownership of arbitrary directories on the system. Version 2.3.6 contains an updated fix.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

GitHub M

Reservar

18/04/2026

Divulgação

23/04/2026

Moderação

aceite

Entrada

VDB-359098

CPE

pronto

CWE

CWE-59 (confirmado)

CVSS

7.5 (CNA)

EPSS

0.00087

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-41231
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-41231
CVE Details	https://www.cvedetails.com/cve/CVE-2026-41231/

◂ Voltar Visão Geral Próximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!