CVE-2026-40304 | openziti zrok up to 2.0.0 controller/unaccess.go environment_id access control

A vulnerability was found in openziti zrok up to 2.0.0. It has been classified as critical. This impacts an unknown function of the file controller/unaccess.go. Performing a manipulation of the argument environment_id results in improper access controls.

This vulnerability is known as CVE-2026-40304. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More