Platform: nodejs
Component: docmost
Fixed in: 0.24.1
CVE-2026-22249 is an arbitrary file write vulnerability in Docmost, an open-source collaborative wiki and documentation application. Through the Zip import feature, an attacker can cause files to be written to locations of their choosing on the server, which can lead to unauthorized modification of existing files or to code execution. The vulnerability affects versions 0.21.0 through 0.23.9; the fix shipped in version 0.24.0 (the metadata at the top of this page lists 0.24.1 as the fixed release), so any 0.24.x or later release is not affected.
The flaw is a Zip Slip pattern: the import code uses the file names stored in the uploaded archive to build destination paths without normalising them or checking that the result stays inside the intended import directory. An entry named with traversal segments (for example `../../some/path/file`) or an absolute path is therefore extracted outside that directory. Because the write happens with the privileges of the Docmost process, an attacker can overwrite or plant files anywhere that process can write, including application code, configuration, or other files the server later executes, and so turn a file write into remote code execution and full compromise of the instance and potentially the host. Overwriting files the application depends on can also be used for denial of service.
CVE-2026-22249 was publicly disclosed on 2026-01-15. There is currently no indication of exploitation in the wild, and it is not listed in the CISA KEV catalog. No public proof-of-concept is available yet, but crafting a malicious archive requires nothing more than a zip tool that preserves traversal segments in entry names, so exploitation should be expected to be straightforward once the affected endpoint and required permissions are known. The CVSS score of 7.1 (HIGH) reflects the potential impact of a successful write.
Organizations running an affected version (0.21.0 through 0.23.9) are at risk, most acutely where the instance is reachable from the internet or where accounts that can use the import feature are held by people the operator does not fully trust, as in multi-tenant or shared deployments. Because the attack runs through a legitimate application feature, an attacker needs whatever access Docmost requires to import a zip archive, so review who holds that permission in your deployment.
• nodejs: Look for files created or modified by the Docmost process outside the locations it is expected to write to. Identify the process and its user with ps aux | grep docmost, then check for recently changed files with find /path/to/docmost -type f -mmin -60 (replace /path/to/docmost with your install or storage directory and adjust the window to the period under investigation). If the service runs as a dedicated account, for example a user named docmost (an assumption; substitute your own), find / -user docmost -newer /path/to/docmost/package.json -not -path "/path/to/docmost/*" lists files that user has written elsewhere on the host since the application was deployed, which is exactly what a successful Zip Slip write produces.
• generic web: Examine the reverse proxy or web server access log for POST requests to the Docmost import endpoint (the exact path depends on the Docmost version and your proxy configuration; confirm it in the application's API or your proxy's route map). A starting point is grep -E 'POST [^ ]*import' /var/log/nginx/access.log (or the equivalent Apache log), then review the requesting accounts, source addresses and timing of any hits. Note that the archive's malicious entry names are not visible in the access log; the request itself looks like a normal import.
• generic web: Confirm the deployed version rather than relying on the version you believe was installed. For a Node.js deployment the version field of the application's package.json records it, for example grep '"version"' /path/to/docmost/package.json or, for a container, docker exec <container> cat /app/package.json (the /app path is an assumption; use the image's actual working directory). Anything in 0.21.0 through 0.23.9 is affected.
EPSS: 0.03% (8th percentile)
The primary mitigation for CVE-2026-22249 is to upgrade Docmost to version 0.24.0 or later, which validates archive entry names during import so that no entry can resolve outside the import directory. If you cannot upgrade immediately, reduce exposure in the meantime: limit the import feature to accounts you trust, or disable it where your deployment allows; run the Docmost process as a dedicated low-privilege user with a read-only filesystem except for its storage and temporary directories, so that an escaped write cannot reach application code or other executable locations; place a Web Application Firewall in front of the instance with rules that flag or block requests to the import endpoint from untrusted sources; and monitor for unexpected file creation or modification as described in the detection section above. Blocking or inspecting uploads at the WAF is a stopgap only, since a zip archive is opaque to most WAF rules and the malicious entry names live inside it.
Upgrade Docmost to version 0.24.0 or later. This version fixes the arbitrary file write (Zip Slip) vulnerability by correctly validating file names during zip import, which prevents the file manipulation that could otherwise lead to execution of malicious code.
CVE-2026-22249 is a HIGH severity vulnerability in Docmost versions 0.21.0 through 0.23.9 that allows attackers to write arbitrary files via the Zip Import Feature, potentially leading to code execution.
You are affected if you are running Docmost versions 0.21.0 through 0.23.9. Upgrade to version 0.24.0 or later to resolve the vulnerability.
Upgrade Docmost to version 0.24.0 or later. As a temporary workaround, restrict the import feature to trusted accounts, run the service with minimal filesystem write permissions, and monitor for unexpected file writes.
As of the current date, there are no reports of active exploitation targeting CVE-2026-22249.
Refer to the Docmost project's official website or security advisories for the latest information and updates regarding CVE-2026-22249.