CVE-2026-35465
Path Traversal in SecureDrop Client Enables High-Severity Code Execution
Publication date: 2026-04-18
Last updated on: 2026-04-23
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| freedom | securedrop-client | < 0.17.5 (upper bound exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
| CWE-36 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in SecureDrop Client versions 0.17.4 and earlier. It allows a compromised SecureDrop Server to execute code on the Client's virtual machine by exploiting improper filename validation during gzip archive extraction: filenames taken from the archive are not checked, so an absolute path in a filename is honored and the extracted file can overwrite critical files such as the client's SQLite database.
Exploitation requires that the SecureDrop Server is already compromised, which is difficult because the server is hardened and only accessible via Tor hidden services. Despite the high complexity to exploit, the vulnerability is rated as High severity due to its potential impact.
The issue was fixed in SecureDrop Client version 0.17.5 with a more robust fix implemented in the replacement SecureDrop Inbox codebase.
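The following Python example is added here to illustrate the class of check involved; it is not SecureDrop's code. It assumes the untrusted filename arrives in the gzip header's FNAME field (an assumption, not something the advisory states) and uses constructed sample names to show which ones a validator against CWE-36/CWE-73 should reject before anything is written to disk.

```python
import struct
import zlib
from pathlib import Path, PurePosixPath

GZIP_MAGIC, FEXTRA, FNAME = b"\x1f\x8b", 0x04, 0x08

def build_gzip(name: bytes, payload: bytes) -> bytes:
    """Build a gzip member carrying `name` verbatim in the header FNAME field (test input only)."""
    header = GZIP_MAGIC + b"\x08" + bytes([FNAME]) + struct.pack("<IBB", 0, 0, 255)
    comp = zlib.compressobj(9, zlib.DEFLATED, -zlib.MAX_WBITS)  # raw DEFLATE body
    body = comp.compress(payload) + comp.flush()
    trailer = struct.pack("<II", zlib.crc32(payload) & 0xFFFFFFFF, len(payload) & 0xFFFFFFFF)
    return header + name + b"\x00" + body + trailer

def gzip_original_name(data: bytes):
    """Return the untrusted original filename stored in the gzip header, or None."""
    if data[:2] != GZIP_MAGIC:
        raise ValueError("not a gzip stream")
    flags, pos = data[3], 10
    if flags & FEXTRA:
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if not flags & FNAME:
        return None
    return data[pos:data.index(b"\x00", pos)].decode("latin-1")

def safe_extract_target(extract_dir: str, name: str) -> Path:
    """Map an untrusted filename to a path strictly inside extract_dir: reject absolute
    paths (CWE-36), '..' parts and empty names, then re-check the resolved path."""
    rel = PurePosixPath(name)
    if not rel.parts or rel.is_absolute() or ".." in rel.parts:
        raise ValueError(f"unsafe archive filename: {name!r}")
    base = Path(extract_dir).resolve()
    target = (base / rel).resolve()
    if base not in target.parents:
        raise ValueError(f"filename escapes extraction directory: {name!r}")
    return target

# Constructed sample header filenames; not values taken from the advisory.
SAMPLES = {"plain": b"doc.txt", "nested": b"sub/doc.txt",
           "absolute": b"/abs/path/db.sqlite", "dotdot": b"../../db.sqlite"}

def demo(extract_dir: str = "extracted") -> dict:
    results = {}
    for label, name in SAMPLES.items():
        stored = gzip_original_name(build_gzip(name, b"decrypted submission"))
        try:
            safe_extract_target(extract_dir, stored)
            results[label] = "ok"
        except ValueError:
            results[label] = "rejected"
    return results
```

Only the plain and nested names are accepted; the absolute and parent-directory names are refused before any file is opened for writing.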
How can this vulnerability impact me?
This vulnerability can significantly impact the confidentiality, integrity, and availability of decrypted source submissions handled by the SecureDrop Client.
- Confidentiality: An attacker could access sensitive information submitted by sources.
- Integrity: Critical files like the SQLite database can be overwritten, potentially altering or destroying data.
- Availability: The ability to execute code on the client's virtual machine could disrupt the normal operation of the SecureDrop Client.
However, exploitation requires prior compromise of the SecureDrop Server, which is designed to be highly secure.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade the SecureDrop Client to version 0.17.5 or later, where the issue has been fixed.
Since exploitation requires prior compromise of the SecureDrop Server, ensure the server remains secure and hardened, and limit access to it via Tor hidden services as designed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability impacts the confidentiality, integrity, and availability of decrypted source submissions handled by the SecureDrop Client. Since these submissions may contain sensitive information, the vulnerability could potentially lead to unauthorized access or modification of such data.
However, exploitation requires prior compromise of the SecureDrop Server, which is hardened and only accessible via Tor hidden services, making the attack complex.
While the CVE description highlights significant impact on data security, it does not explicitly mention effects on compliance with standards like GDPR or HIPAA.