CVE-2026-45188 LOW

CVE-2026-45188: Apache Kvrocks: Replication Fullsync Path Traversal via Unvalidated Filename Handling

Vendor Apache Software Foundation

Product Apache Kvrocks

Weakness CWE-23

Published June 25, 2026

Last update June 25, 2026

View on NVD All CVEs

CVSS base score

2.4/10

Attack vector Local

Attack complexity High

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/S:N/AU:N/R:U/RE:L/U:Clear

What the vulnerability does

Description

Relative Path Traversal vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.

Key dates

Disclosure timeline

June 25, 2026 CVE published

Identifiers

CVE CVE-2026-45188

CWE CWE-23

CVSS 2.4 / LOW

Affected versions

Vendor Apache Software Foundation

Product Apache Kvrocks

Affected ≥ 1.0.0 and ≤ 2.15.0