CVE-2026-25964 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the Recip…
Medium CVSS: 4.9

CVE-2026-25964

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read arbitrary files on the server. This vulnerability stems from a lack of input validation in the file_path parameter and insufficient checks in the Local storage backend, enabling an attacker to bypass storage directory restrictions and access sensitive system files (e.g., /etc/passwd) or application configuration files (e.g., settings.py), potentially leading to full system compromise. This vulnerability is fixed in 2.5.1.
Vendor
Tandoor
Product
Recipes
CWE
CWE-22
Yayın Tarihi
2026-02-13 19:17:28
Güncelleme
2026-02-17 16:07:02
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-22 Recipes MEDIUM Tandoor 2026

Referanslar

https://github.com/TandoorRecipes/recipes/commit/f7f3524609451ab0b5a4fd760ad0af147d8ed794 https://github.com/TandoorRecipes/recipes/releases/tag/2.5.1 https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-6485-jr28-52xx