Platform: linux
Component: securedrop-client
Fixed in: 0.17.6
CVE-2026-35465 affects SecureDrop Client versions 0.17.4 and earlier. A compromised SecureDrop Server can supply a gzip-compressed download whose embedded original filename (the filename field in the gzip header) is not properly validated during extraction. An absolute path in that field lets the server overwrite files inside the Client's virtual machine, which can lead to code execution. Exploitation requires the server to already be compromised, a scenario that SecureDrop's hardened server design and Tor-only access are intended to make unlikely. A patch is available in version 0.17.5.
CVE-2026-35465 in SecureDrop Client allows a compromised SecureDrop Server to achieve code execution on the Client's virtual machine (sd-app). The cause is improper validation of the filename stored in the gzip header during extraction: absolute paths are accepted, so the decompressed content can be written over critical files such as the Client's SQLite database. Exploitation requires prior compromise of the dedicated SecureDrop Server, but the impact is significant for journalists and sources who rely on SecureDrop for secure communication. Overwriting the database can lead to data exposure, data manipulation, or full compromise of the Client VM.
Exploiting CVE-2026-35465 requires the attacker to already control the SecureDrop Server. From that position, the attacker crafts a malicious gzip file whose header filename is an absolute path pointing to a file within the Client's virtual machine. When the Client downloads and extracts the file, it writes the decompressed content to that path, overwriting the target. Overwriting the SQLite database could allow the attacker to read confidential information, manipulate stored data, or gain control of the Client VM. This highlights the importance of securing both the Client and the Server.
Exploit Status
EPSS: 0.05% (17th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-35465 is to update SecureDrop Client to version 0.17.5 or later. This version corrects the filename validation so that absolute paths in the gzip header are rejected, preventing overwrites of files outside the download directory. All SecureDrop Client users are strongly encouraged to update as soon as possible. Keeping the SecureDrop Server secure also matters, since exploitation depends on server compromise: apply security patches promptly, restrict access to the server, and monitor it for suspicious activity.
Update to SecureDrop Client version 0.17.5 or later to fix the path injection vulnerability. This update implements stricter validation of filenames during gzip extraction, preventing the overwriting of critical files such as the SQLite database.
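The following is an added example, not code from the SecureDrop Client project, showing the flaw class described above in miniature and the validation the fix needs. It builds a gzip member by hand (the standard library's GzipFile only ever stores the basename of a filename, so an attacker-controlled absolute path has to be assembled manually), reads the original-filename field back out of the header, and contrasts the naive `os.path.join` target with a checked one. The function names, the download directory, and the sample filenames (including the database path) are assumptions made for the example.

```python
"""Added example (not SecureDrop's code): an absolute path in a gzip
member's FNAME header field escapes the download directory, and a
validated alternative rejects it. Names and sample paths are assumed."""
import gzip
import os
import struct
import tempfile
import zlib
from typing import Optional, Tuple

FEXTRA, FNAME = 0x04, 0x08  # RFC 1952 FLG bits

# Constructed sample filenames (illustrative, not from a real attack).
MALICIOUS_NAME = "/home/user/.securedrop_client/svs.sqlite"  # absolute path
BENIGN_NAME = "1-ecstatic_dilemma-msg.txt"                   # ordinary name


def make_gzip(payload: bytes, fname: str) -> bytes:
    """Build one RFC 1952 gzip member with an arbitrary FNAME field.
    gzip.GzipFile writes only basename(filename), so a hostile server
    assembling this header by hand is the attacker-side step."""
    header = struct.pack("<3sBIBB", b"\x1f\x8b\x08", FNAME, 0, 0, 255)
    header += fname.encode("latin-1") + b"\x00"
    comp = zlib.compressobj(9, zlib.DEFLATED, -zlib.MAX_WBITS)  # raw DEFLATE
    body = comp.compress(payload) + comp.flush()
    trailer = struct.pack("<II", zlib.crc32(payload) & 0xFFFFFFFF,
                          len(payload) & 0xFFFFFFFF)
    return header + body + trailer


def read_gzip_header_name(data: bytes) -> Optional[str]:
    """Return the FNAME field of the first gzip member, or None if unset.
    FEXTRA precedes FNAME in the header, so it is skipped first."""
    if data[:2] != b"\x1f\x8b" or data[2] != 8:
        raise ValueError("not a gzip stream")
    flg, pos = data[3], 10
    if flg & FEXTRA:
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    if not flg & FNAME:
        return None
    return data[pos:data.index(b"\x00", pos)].decode("latin-1")


def vulnerable_target_path(dest_dir: str, name: str) -> str:
    """The flaw in miniature: os.path.join discards dest_dir entirely when
    name is absolute, so the output lands wherever the server chose."""
    return os.path.join(dest_dir, name)


def safe_target_path(dest_dir: str, name: str) -> str:
    """Hardened form: reject absolute names and '.', '..' or empty
    components, then confirm the resolved path is still under dest_dir."""
    if not name:
        raise ValueError("empty filename")
    if os.path.isabs(name) or name[0] in "/\\":
        raise ValueError(f"absolute path rejected: {name!r}")
    parts = name.replace("\\", "/").split("/")
    if any(p in ("", ".", "..") for p in parts):
        raise ValueError(f"traversal component rejected: {name!r}")
    base = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(base, *parts))
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"resolves outside download directory: {name!r}")
    return target


def safe_gzip_extract(data: bytes, dest_dir: str) -> Tuple[str, bytes]:
    """Decompress one member to a validated path under dest_dir."""
    name = read_gzip_header_name(data) or "download"
    target = safe_target_path(dest_dir, name)
    payload = gzip.decompress(data)
    with open(target, "wb") as fh:
        fh.write(payload)
    return target, payload


def is_rejected(dest_dir: str, name: str) -> bool:
    """True if safe_target_path refuses the name."""
    try:
        safe_target_path(dest_dir, name)
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Run both code paths against a constructed malicious and benign member."""
    malicious = make_gzip(b"attacker-controlled bytes", MALICIOUS_NAME)
    benign = make_gzip(b"hello from a source\n", BENIGN_NAME)
    with tempfile.TemporaryDirectory() as dest:
        name = read_gzip_header_name(malicious)
        result = {
            "malicious_name": name,
            "vulnerable_target": vulnerable_target_path(dest, name),
            "malicious_blocked": is_rejected(dest, name),
        }
        path, content = safe_gzip_extract(benign, dest)
        real = os.path.realpath(dest)
        result["benign_inside_dest"] = os.path.commonpath([real, path]) == real
        result["benign_content"] = content
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The validation rejects the name before anything is decompressed, and the final `commonpath` check covers cases the component filter alone would miss, such as a symlinked subdirectory of the download directory that points elsewhere.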
SecureDrop Client is a desktop application used by journalists to securely communicate with sources and receive submissions on a SecureDrop Workstation.
The sd-app virtual machine is the isolated Qubes OS VM on the SecureDrop Workstation in which the SecureDrop Client runs. This separation limits what a compromised Client can reach on the rest of the workstation.
SecureDrop Client is updated through the SecureDrop Workstation updater, which checks for available updates when the workstation is launched and applies them before the Client starts; confirm after updating that the installed Client version is 0.17.5 or later.
If you suspect your SecureDrop Server has been compromised, disconnect it from the network immediately, contact the SecureDrop team at Freedom of the Press Foundation (the project's maintainers), and follow their incident response guidance.
Yes. In addition to updating the Client, keep the SecureDrop Server current with security patches, restrict access to the server, and monitor system activity for signs of compromise.