Vulnerability DatabaseCVE-2026-30345
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-30345
March 18, 2026
A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import.
Affected Packages
https://github.com/CTFd/CTFd.git (GITHUB):
Affected version(s) >=1.0.0 <3.8.2
Fix Suggestion:
Update to version 3.8.2
Related ResourcesĀ (4)
https://github.com/syphonetic/CVE-2026-30345
https://blog.ctfd.io/ctfd-3-8-2/
https://github.com/CTFd/CTFd/security/policy
https://github.com/CTFd/CTFd
Do you need more information?
Contact Us
CVSS v3
Base Score:
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH