Description
Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only the lexical path before Node reads the file, so a Git app store that contains metadata/logo.jpg as a symbolic link can cause Runtipi to read and return the symlink target. Because the endpoint is public and the symlink target may point outside the cloned repository, this can expose local files from the Runtipi container such as /data/.env, /data/state/seed, logs, or application files. This can disclose JWT secrets, service credentials, local configuration, and operational logs depending on the instance. The issue has been fixed in version 4.10.0.
Published: 2026-06-16
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In Runtipi versions 4.9.1 through 4.9.3, the marketplace app logo endpoint serves files from cloned repositories without authentication, allowing a malicious symlink to point to a sensitive file. The path guard only checks the lexical path, so the server can read and return the target file contents, leading to disclosure of environment files, secrets, logs, and application data.

Affected Systems

The vulnerable Runtipi products are the Runtipi orchestrator running versions 4.9.1, 4.9.2, and 4.9.3. Containers or deployments that host these versions are at risk if they expose the marketplace endpoint to the network.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. The EPSS score is below 1 %, suggesting a low likelihood of exploitation, and the vulnerability is not listed in CISA’s KEV catalog. Nevertheless, because the endpoint is unauthenticated and publicly reachable, an attacker with network access can exploit it by uploading a repository containing a malicious logo symlink. The attack does not require elevated privileges and can reveal critical configuration and secret information.

Generated by OpenCVE AI on June 17, 2026 at 18:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Runtipi to version 4.10.0 or later, where the file read guard has been corrected.
  • If an upgrade cannot be performed immediately, restrict the marketplace logo endpoint to trusted hosts or add authentication to prevent unauthenticated access.
  • Audit the cloned repositories for unexpected symbolic links that may reference sensitive files and remove any that pose a risk.

Generated by OpenCVE AI on June 17, 2026 at 18:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
First Time appeared Runtipi
Runtipi runtipi
Vendors & Products Runtipi
Runtipi runtipi

Tue, 16 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Description Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only the lexical path before Node reads the file, so a Git app store that contains metadata/logo.jpg as a symbolic link can cause Runtipi to read and return the symlink target. Because the endpoint is public and the symlink target may point outside the cloned repository, this can expose local files from the Runtipi container such as /data/.env, /data/state/seed, logs, or application files. This can disclose JWT secrets, service credentials, local configuration, and operational logs depending on the instance. The issue has been fixed in version 4.10.0.
Title Runtipi: Unauthenticated arbitrary file read through app-store logo symlinks
Weaknesses CWE-22
CWE-59
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-17T14:23:41.607Z

Reserved: 2026-05-18T23:03:37.230Z

Link: CVE-2026-47277

cve-icon Vulnrichment

Updated: 2026-06-17T14:23:35.767Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T18:45:10Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

  • CWE-59

    Improper Link Resolution Before File Access ('Link Following')