Zip Slip Vulnerability in CTFd Admin Import Functionality

CVE-2026-30345

What is CVE-2026-30345?

A zip slip vulnerability exists in the Admin import functionality of CTFd version 3.8.1-18-gdb5a18c4. This flaw allows attackers to craft malicious import files that could result in arbitrary file writes to directories outside of the designated import path. By exploiting this vulnerability, a malicious user could compromise the integrity of the application, leading to potential unauthorized access and system manipulation. Implementing proper input validation and sanitization measures is critical to mitigate this type of security threat.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References