Back to overview

CVE-2026-53535

MEDIUM
5.9
CVSS 4.0
Description
Activepieces is an open source AI workflow automation platform. Prior to 0.82.0, the git-sync feature clones a user-configured Git repository into a temporary directory on the server and then writes flow, table, and connection state into it before pushing back, and two separate weaknesses allowed those writes to escape the intended workspace and land on arbitrary paths on the host filesystem: Git's symbolic-link handling was not disabled on the clone, so an attacker who controlled the remote repository could include symlinks that redirected the writes, and several user-supplied identifiers used to build on-disk paths (the repository slug and the externalId of tables, flows, and connections) were not validated against directory-traversal sequences such as ../. On a self-hosted Enterprise Edition deployment, a user authorized to configure or push to a git-sync repository (holding the WRITE_PROJECT_RELEASE permission) could cause the server to overwrite files anywhere the Activepieces process user can write, which depending on host layout can be leveraged for tampering, denial of service, or remote code execution. This issue is fixed in version 0.82.0.

Metadata

CVE ID
CVE-2026-53535
State
PUBLISHED
Assigner
GitHub_M
Reserved
2026-06-09 17:30 UTC
Published
2026-07-16 18:52 UTC
Last updated
2026-07-16 18:52 UTC
Primary CWE
CWE-22
CWE-22: Improper Limitation of a Pathname to a Restricted Di…
Vendor / Product
activepieces / activepieces
Sources
cve.org  ·  NVD

Severity & Metrics

5.9 MEDIUM CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products (1)
VendorProductPlatformVersions
activepieces activepieces < 0.82.0
Weakness (CWE)
CWESourceDescription
CWE-22 cna CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-59 cna CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVSS scores (1)
ScoreSeverityVersionSourceVector
5.9 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
References (4)
Back to overview