Browse all 6 CVE security advisories affecting vitessio. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Vitessio is a database clustering solution for horizontal scaling of MySQL databases, commonly used in cloud-native environments. Historically, vulnerabilities affecting Vitessio include remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws and insecure default configurations. The project has addressed six CVEs to date, with notable security concerns around authentication bypass and SQL injection in earlier versions. Recent releases have improved security through stricter input sanitization and enhanced access controls, though the distributed nature of Vitessio remains a potential attack surface for complex exploitation scenarios.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27969 | Vitess users with backup storage access can write to arbitrary file paths on restore — vitess (CWE-22) | 6.5 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27965 | Vitess users with backup storage access can gain unauthorized access to production deployment environments — vitess (CWE-78) | 8.8 (AI) | High (AI) | 2026-02-26 |
| CVE-2024-53257 | Vitess allows HTML injection in /debug/querylogz & /debug/env — vitess (CWE-79) | 4.9 | Medium | 2024-12-03 |
| CVE-2024-32886 | Vitess vulnerable to infinite memory consumption and vtgate crash — vitess (CWE-835) | 4.9 | Medium | 2024-05-08 |
| CVE-2023-29195 | Vitess VTAdmin users that can create shards can deny access to other functions — vitess (CWE-20) | 4.1 | Medium | 2023-05-11 |
| CVE-2023-29194 | vitess allows users to create keyspaces that can deny access to already existing keyspaces — vitess (CWE-20) | 4.1 | Medium | 2023-04-14 |
This page lists every published CVE security advisory associated with vitessio. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.