Description
Relative Path Traversal vulnerability in Apache Ignite REST API.

Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way.
This issue affects Apache Ignite: from 2.0.0 through 2.17.0.

Users are recommended to upgrade to version 2.18.0, which fixes the issue.
Published: 2026-05-28
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a relative path traversal flaw in Apache Ignite's REST HTTP API. When a user has authenticated API access, the 'cmd=log' endpoint accepts a log path argument that can be crafted to traverse directories and read arbitrary files present on the server. This flaw is identified as CWE‑23 and allows a privileged attacker to obtain sensitive configuration files, credentials, or other confidential data, compromising confidentiality but not integrity or availability directly.

Affected Systems

Affected is the Apache Ignite platform, distributed under the Apache Software Foundation. All releases from version 2.0.0 up through 2.17.0 contain the unpatched 'cmd=log' handling that permits directory traversal. Versions 2.18.0 and later provide the patch that sanitizes the input path or removes the insecure endpoint.

Risk and Exploitability

The flaw carries a CVSS score of 8.5, indicating high severity. EPSS is not available, but the lack of a KEV listing suggests no widespread exploitation to date. Based on the description, the attack requires legitimate REST API credentials; an attacker who can obtain or guess these credentials can use the vulnerable endpoint to read any file the Ignite process can access. The vulnerability is exploitable without specialized network conditions beyond the standard REST interface, so the risk to environments where Ignite is exposed externally, or where forged tokens are possible, is significant.

Generated by OpenCVE AI on May 28, 2026 at 11:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Ignite installation to version 2.18.0 or later, which removes the unsafe path handling.
  • Ensure that the REST API is protected with strong authentication and that only authorized users can invoke the 'cmd' endpoint.
  • Restrict the operating‑system file permissions so that the Ignite process cannot read sensitive system files not required for its operation.
  • Monitor REST API logs for unusually crafted 'cmd=log' requests or repeated attempts to read protected paths.

Generated by OpenCVE AI on May 28, 2026 at 11:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache ignite
CPEs cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:*
Vendors & Products Apache
Apache ignite
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Thu, 28 May 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 28 May 2026 12:30:00 +0000

Type Values Removed Values Added
References

Thu, 28 May 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version 2.18.0, which fixes the issue.
Title Apache Ignite: REST HTTP arbitrary file read vulnerability
Weaknesses CWE-23
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H'}

Subscriptions

Apache Ignite
cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2026-05-28T12:59:14.937Z

Reserved: 2025-05-29T07:39:39.245Z

Link: CVE-2025-48977

cve-icon Vulnrichment

Updated: 2026-05-28T11:12:28.796Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-28T10:16:23.423

Modified: 2026-05-29T14:11:25.720

Link: CVE-2025-48977

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T11:30:15Z

Weaknesses