vitess
About this tag
Vitess is an open-source database clustering system that scales MySQL for large deployments and cloud environments. Recent security advisories highlight critical vulnerabilities in Vitess backup restore functionality, including path traversal (CVE-2026-27969) and manifest command injection (CVE-2026-27965). These flaws allow attackers with write access to backup storage to write files to arbitrary locations or execute arbitrary commands during restore, potentially leading to data exposure, configuration tampering, or remote code execution. Administrators are urged to update to patched versions v22.0.4 and v23.0.3 to mitigate these risks. Discussions on WindowsForum.com cover the technical details, impact, and remediation steps for these vulnerabilities.
Vitess maintainers have confirmed a serious path traversal vulnerability in the project’s backup restore path that allows anyone with write access to backup storage to cause a restore operation to write files to arbitrary locations on the host where Vitess runs — a risk that can lead to data...
Vitess operators and cloud teams must treat their backups like a live attack surface: a recently disclosed vulnerability shows that anyone with read/write access to backup storage can weaponize manifest metadata to execute arbitrary commands during restore and gain unauthorized access to...