CVE-2026-47277
Status: Received - Intake
Arbitrary File Read via Symlink in Runtipi

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: GitHub, Inc.

Description
Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only the lexical path before Node reads the file, so a Git app store that contains metadata/logo.jpg as a symbolic link can cause Runtipi to read and return the symlink target. Because the endpoint is public and the symlink target may point outside the cloned repository, this can expose local files from the Runtipi container such as /data/.env, /data/state/seed, logs, or application files. This can disclose JWT secrets, service credentials, local configuration, and operational logs depending on the instance. The issue has been fixed in version 4.10.0.
Meta Information
Published: 2026-06-17
Last Modified: 2026-06-17
Generated: 2026-06-17
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor   Product   Version / Range
runtipi  runtipi   From 4.9.1 (inc) to 4.9.3 (inc)
runtipi  runtipi   4.10.0
CWE
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-59: The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
AI Quick Actions
Compliance Impact

The vulnerability in Runtipi allows unauthenticated arbitrary file reads, potentially exposing sensitive files such as JWT secrets, service credentials, local configuration, and operational logs.

This unauthorized disclosure of sensitive data could lead to non-compliance with data protection regulations and standards like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access.

Specifically, exposure of secrets and configuration files may compromise confidentiality requirements mandated by these regulations, increasing the risk of data breaches and regulatory penalties.

Executive Summary

CVE-2026-47277 is a vulnerability in Runtipi versions 4.9.1 through 4.9.3 that allows unauthenticated arbitrary file reads via symlinks in app-store logos.

Runtipi serves marketplace app logos from files inside cloned app-store repositories through a public endpoint without authentication. The vulnerability arises because the application only checks the lexical path and does not properly validate symbolic links.

An attacker can create a malicious app-store repository containing a symlink named metadata/logo.jpg that points to sensitive files outside the cloned repository, such as /data/.env or other container files. When the endpoint processes the request, it follows the symlink and exposes the contents of the target file.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information stored within the Runtipi container.

  • Exposure of JWT secrets
  • Disclosure of service credentials
  • Access to local configuration files such as /data/.env
  • Leakage of operational logs and application files

Because the endpoint is public and unauthenticated, any attacker can exploit this to read arbitrary files, potentially compromising the confidentiality of your system.

Detection Guidance

This vulnerability can be detected by checking if the Runtipi instance is serving marketplace app logos through the unauthenticated endpoint GET /api/marketplace/apps/:urn/image and if it follows symbolic links in the app-store repositories.

To detect exploitation attempts or presence of the vulnerability, you can monitor HTTP requests to the endpoint for unusual access patterns or requests for files outside the expected repository paths.

Specific commands are not provided in the resources, but you can use an HTTP client such as curl or wget to test the endpoint, for example:

  • curl -v http://<runtipi-host>/api/marketplace/apps/<app-urn>/image
  • Check if the response contains unexpected file contents such as configuration files or environment variables.

Additionally, inspecting the app-store repositories for symbolic links named metadata/logo.jpg pointing outside the repository can help detect the vulnerability.

Mitigation Strategies

The immediate mitigation step is to upgrade Runtipi to version 4.10.0 or later, where this vulnerability has been fixed.

The fix includes tightening filesystem type checks to prevent following symbolic links when serving public data and validating real paths before serving files.

If upgrading immediately is not possible, restrict access to the vulnerable endpoint by network controls or firewall rules to prevent unauthenticated access.

Review and remove any malicious or unexpected symbolic links in the app-store repositories that could be exploited.
