CVE-2026-25962
Zip Extraction Resource Exhaustion in MarkUs Before
Publication date: 2026-03-06
Last updated on: 2026-03-12
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| markusproject | markus | up to 2.9.4 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-409 | The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-25962 is a moderate severity vulnerability in the MarkUs web application, affecting versions up to 2.9.3. The issue arises because MarkUs extracts zip files without any limits on their size or the number of entries. This allows an attacker to upload a specially crafted zip bomb, a highly compressed archive that expands massively when extracted, causing excessive consumption of disk space and CPU resources.
This improper handling of highly compressed data leads to resource exhaustion and results in a denial of service (DoS), making the MarkUs service unavailable. The vulnerability requires only low privileges to exploit and no user interaction, with the attack vector being network-based.
How can this vulnerability impact me?
The primary impact of this vulnerability is a denial of service (DoS) condition. An attacker can cause the MarkUs service to become unavailable by uploading a zip bomb that exhausts system resources such as disk space and CPU.
There is no impact on confidentiality or integrity of data, but the availability of the service is compromised, potentially disrupting assignment submissions and grading processes.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the extraction of highly compressed zip files (zip bombs) that cause resource exhaustion. Detection can focus on monitoring for unusually large CPU or disk usage during zip file extraction processes in MarkUs versions up to 2.9.3.
Since the vulnerability is triggered by zip bomb files uploaded and extracted by the application, you can detect suspicious zip files by checking their compression ratio or number of entries before extraction.
Use commands to inspect zip files for unusually high compression ratios or large numbers of entries, for example:
1. To list the contents and count entries: `unzip -l suspicious.zip | wc -l` (the line count includes the header and total lines that `unzip -l` prints, so subtract those to get the entry count).
2. To check the compressed and uncompressed sizes: `zipinfo -v suspicious.zip` (per entry), or `zipinfo -t suspicious.zip` for the archive-wide totals and overall compression percentage.
3. Monitor system resource usage during extraction with commands like `top`, `htop`, or `iotop` to detect spikes.
Additionally, network monitoring tools can be used to detect unusual upload activity of large or suspicious zip files to the MarkUs application.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade MarkUs to version 2.9.4 or later, where protections against zip bombs have been implemented by imposing extraction limits.
Until the upgrade can be performed, consider the following immediate steps:
1. Restrict or disable zip file uploads temporarily to prevent exploitation.
2. Implement manual or automated scanning of uploaded zip files to detect and block zip bombs based on size, entry count, or compression ratio.
3. Monitor system resources closely for signs of excessive CPU or disk usage related to zip extraction.
4. Apply network-level controls to limit or inspect uploads to the MarkUs application.
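The pre-extraction check that both the detection answer (inspect ratio and entry count before extracting) and mitigation step 2 above call for, as an added Ruby example that is not MarkUs's own code: it reads only the zip central directory, so nothing is inflated before the declared entry count, total uncompressed size and compression ratio are compared against limits. The limit values, the `build_zip` helper and the two sample archives are assumptions constructed here for testing.

```ruby
require "zlib"

# Illustrative limits (assumed values, not MarkUs's): tune to the expected submission size.
MAX_ENTRIES            = 1_000
MAX_TOTAL_UNCOMPRESSED = 100 * 1024 * 1024  # 100 MiB across all entries
MAX_RATIO              = 100.0              # total uncompressed / total compressed

# Sum the sizes declared in the central directory without inflating any entry.
# ZIP64 archives (0xFFFFFFFF size sentinels) are rejected outright rather than parsed.
def zip_declared_totals(data)
  eocd = data.rindex("PK\x05\x06".b) or raise ArgumentError, "no end-of-central-directory record"
  count, _cd_size, cd_offset = data[eocd + 10, 10].unpack("vVV")
  pos, totals = cd_offset, { entries: 0, compressed: 0, uncompressed: 0 }
  while totals[:entries] < count && data[pos, 4] == "PK\x01\x02".b
    csize, usize, name_len, extra_len, comment_len = data[pos + 20, 14].unpack("VVvvv")
    raise ArgumentError, "ZIP64 sizes not supported" if csize == 0xFFFFFFFF || usize == 0xFFFFFFFF
    totals[:compressed] += csize
    totals[:uncompressed] += usize
    totals[:entries] += 1
    pos += 46 + name_len + extra_len + comment_len   # fixed header + variable-length fields
  end
  totals
end

# Pre-extraction gate: true when the archive's declared shape looks like a zip bomb.
# Declared sizes can be forged, so the extractor must still cap bytes written per entry.
def zip_bomb_suspect?(data)
  t = zip_declared_totals(data)
  ratio = t[:uncompressed].fdiv([t[:compressed], 1].max)
  t[:entries] > MAX_ENTRIES || t[:uncompressed] > MAX_TOTAL_UNCOMPRESSED || ratio > MAX_RATIO
end

# Test helper: build a minimal deflate-method zip in memory from [[name, content], ...].
def build_zip(files)
  local, central = "".b, "".b
  files.each do |name, content|
    z = Zlib::Deflate.new(Zlib::BEST_COMPRESSION, -Zlib::MAX_WBITS)   # raw deflate, no zlib header
    packed = z.deflate(content, Zlib::FINISH)
    z.close
    offset = local.bytesize
    common = [20, 0, 8, 0, 0, Zlib.crc32(content), packed.bytesize, content.bytesize, name.bytesize, 0].pack("vvvvvVVVvv")
    local   << "PK\x03\x04".b << common << name.b << packed
    central << "PK\x01\x02".b << [20].pack("v") << common << [0, 0, 0, 0, offset].pack("vvvVV") << name.b
  end
  local + central + "PK\x05\x06".b + [0, 0, files.size, files.size, central.bytesize, local.bytesize, 0].pack("vvvvVVv")
end

# Constructed samples: a normal submission and a 20 MiB run of zeros that deflates roughly 1000:1.
BENIGN_ZIP = build_zip([["notes.txt", "The quick brown fox jumps over the lazy dog.\n" * 10]])
BOMB_ZIP   = build_zip([["zeros.bin", "\0" * (20 * 1024 * 1024)]])
```

For an uploaded file, pass `File.binread(path)` to `zip_bomb_suspect?` and reject the upload before any extraction code runs.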