CVE-2026-22249 | Docmost up to 0.23.x ZIP Import file.utils.ts path traversal (GHSA-54pm-hqxm-54wg)

A vulnerability, which was classified as critical, was found in Docmost up to 0.23.x. The impacted element is an unknown function of the file apps/server/src/integrations/import/utils/file.utils.ts of the component ZIP Import. Executing a manipulation can lead to path traversal.

This vulnerability is tracked as CVE-2026-22249. The attack can be launched remotely. No exploit exists.

You should upgrade the affected component.VulDB Recent EntriesRead More