VDB
KO
MEDIUM 5.0

PYSEC-2026-1900

Directory creation by malicious user in saltstack

Details

Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / salt
Introduced in: 0 Fixed in: 3005.5
Fix pip install --upgrade 'salt>=3005.5'

References