CVE-2026-47669 - DbGate archive unzip arbitrary write RCE

DbGate dbgate versions through 7.1.8 allowed archive extraction paths to escape the intended output directory. A malicious ZIP entry using parent-path segments could cause DbGate to write attacker-controlled bytes outside the archive workspace. In Docker deployments that run DbGate with broad filesystem access, that arbitrary write can become code execution through startup scripts, application files, cron-like paths, or other files later interpreted by the runtime.

The advisory also calls out a dangerous deployment shape: default Docker instances can run as root and may use the none authentication provider. A reviewable remediation needs more than a version bump: it should prove archive extraction is path-confined, archive APIs are permissioned, default auth is not exposed, and the runtime cannot write high-impact host or container paths.

When to use it

Use this recipe when a repository, database tool deployment, or admin workbench uses DbGate archive import/unzip features. It is designed for source-code and deployment remediation, archive extraction containment, arbitrary-write review, and evidence that ZIP entries cannot escape the intended archive workspace.

Inputs

  • DbGate version, archive import routes/features, authentication settings, Docker/runtime privileges, mounted volumes, and extraction workspace policy.
  • Source/config paths that extract ZIP entries, normalize paths, write files, load plugins/scripts, or expose import APIs.
  • Regression fixtures for .. entries, absolute paths, symlinks, valid archive files, denied out-of-workspace writes, and runtime privilege reduction.
  • Boundary evidence: who can upload archives, filesystem reach, startup/script paths, mounted volumes, logs, and cleanup owner.

Affected versions

  • Vulnerable package: dbgate <=7.1.8
  • Fixed package: dbgate 7.1.9+
  • Affected operation: archive ZIP upload/save/unzip flow
  • Affected code shape: joining an archive output directory with untrusted ZIP entry names without verifying the resolved path remains inside the output directory
  • High-risk deployment condition: DbGate running as root, with broad mounts, writable application directories, anonymous/default auth, or network exposure beyond fully trusted administrators

Indicator-of-exposure

  • The repository depends on, vendors, forks, builds, or deploys DbGate <=7.1.8.
  • DbGate archive upload, save, import, backup-restore, or unzip endpoints are reachable from a browser, API client, support tool, automation account, or tenant-facing admin surface.
  • DbGate is deployed through Docker, Compose, Helm, Kubernetes, a VM image, or PaaS runtime with writable mounts or root/default process privileges.
  • Authentication is disabled, set to none, delegated only at a proxy, or otherwise reachable by users who are not fully trusted DbGate administrators.
  • The DbGate process can write application files, startup scripts, config, database files, host mounts, shared volumes, logs interpreted by other tools, or deployment material.

Quick checks:

rg -n "dbgate|archive/unzip|save-uploaded-zip|unzipDirectory|zip|Zip|authProvider|amoid|none|LOGINS|LOGIN_PASSWORD|DBGATE|uploads/upload" .
npm ls dbgate dbgate-api dbgate-serve dbgate-web
pnpm why dbgate dbgate-api dbgate-serve dbgate-web
yarn why dbgate dbgate-api dbgate-serve dbgate-web
rg -n "dbgate|DBGATE|LOGINS|LOGIN_PASSWORD|authProvider|none|archive|zip" Dockerfile* docker-compose*.yml compose*.yml charts k8s deploy .github . 2>/dev/null

Windows:

rg -n "dbgate|archive/unzip|save-uploaded-zip|unzipDirectory|zip|Zip|authProvider|amoid|none|LOGINS|LOGIN_PASSWORD|DBGATE|uploads/upload" .
npm ls dbgate dbgate-api dbgate-serve dbgate-web
pnpm why dbgate dbgate-api dbgate-serve dbgate-web
yarn why dbgate dbgate-api dbgate-serve dbgate-web
rg -n "dbgate|DBGATE|LOGINS|LOGIN_PASSWORD|authProvider|none|archive|zip" Dockerfile* docker-compose*.yml compose*.yml charts k8s deploy .github .

Do not upload traversal ZIPs, write outside a temporary test directory, or probe live DbGate archive endpoints during triage.

Remediation strategy

  • Upgrade every controlled DbGate runtime, lockfile, image, deployment manifest, generated dependency report, and SBOM to 7.1.9+.
  • If this repository owns a DbGate fork, wrapper, or archive implementation, canonicalize each ZIP entry path and reject extraction when the resolved destination is outside the intended archive workspace.
  • Reject absolute paths, drive-qualified paths, UNC paths, parent traversal, symlink escapes, hardlink escapes, device files, control characters, and archive entries that normalize to empty or root-like destinations.
  • Add authorization checks around archive upload/save/unzip/import operations. Basic authenticated users should not be able to write runtime-controlled filesystem paths.
  • Disable none/anonymous/default auth for any DbGate deployment reachable by untrusted users, and do not rely solely on a reverse proxy for archive API authorization.
  • Run DbGate with least privilege: non-root process where supported, application files read-only, narrow writable archive volume, no host root mounts, restricted egress, and no cloud/deploy credentials in the same process.
  • Rotate DbGate sessions, database credentials, and any writable-volume secrets if a vulnerable deployment was reachable by untrusted users.

The prompt

You are remediating CVE-2026-47669 / GHSA-h535-j5hr-mv56, a critical DbGate
Zip Slip issue in archive unzip handling that can write attacker-controlled
files outside the archive workspace and lead to RCE in high-privilege
deployments. Produce exactly one output:

- A reviewer-ready PR/change request that upgrades DbGate, confines archive
  extraction paths, hardens archive authorization and deployment defaults,
  refreshes generated artifacts, and documents operator cleanup, or
- TRIAGE.md if this repository does not control an affected DbGate runtime,
  fork, archive feature, image, deployment, or wrapper.

## Rules

- Scope only CVE-2026-47669 / GHSA-h535-j5hr-mv56 and directly related DbGate
  archive extraction, archive authorization, auth default, and runtime
  filesystem-hardening work.
- Treat DbGate sessions, bearer tokens, saved database credentials, uploaded
  archives, extracted files, host mounts, environment variables, cloud
  credentials, and deployment files as sensitive.
- Do not upload malicious archives to live services, write outside a temporary
  test directory, create cron/startup files, modify application code as a proof,
  or run shell-command validation through DbGate.
- Do not print tokens, passwords, connection strings, SQL results, environment
  variables, extracted sensitive files, or archive contents into logs or
  commits.
- Do not replace path traversal checks with filename deny-lists or UI-only
  validation.
- Do not auto-merge.

## Steps

1. Inventory every repository-controlled DbGate reference: package manifests,
   lockfiles, workspaces, Dockerfiles, Compose files, Helm charts, Kubernetes
   manifests, VM images, CI images, reverse-proxy config, SBOMs, generated
   dependency reports, runbooks, forks, plugins, and archive wrappers.
2. Determine every resolved `dbgate`, `dbgate-api`, `dbgate-serve`, and
   `dbgate-web` version. A target is vulnerable if the deployed DbGate runtime
   resolves to `7.1.8` or earlier.
3. Search for archive extraction and upload paths: `unzipDirectory`,
   `archive/unzip`, `save-uploaded-zip`, `uploads/upload`, ZIP import/export,
   backup restore, archive workspace handling, symlink extraction, temporary
   archive directories, and custom route wrappers.
4. Search deployment defaults for root/writable runtime risk:
   Docker users, volume mounts, writable app directories, host paths,
   `LOGINS`, `LOGIN_PASSWORD_*`, `authProvider`, `none`, `amoid`, proxy auth
   exceptions, and public/internal exposure settings.
5. If this repository does not control an affected DbGate runtime, stop with
   `TRIAGE.md` listing checked files, the owning deployment team if known, and
   required fixed version `7.1.9+`.
6. Upgrade all controlled DbGate packages and images to `7.1.9+`. Refresh
   lockfiles, package-manager metadata, container digests, deployment render
   output, SBOMs, dependency reports, and docs that pin DbGate versions.
7. Where this repository owns extraction code, implement fail-closed archive
   confinement:
   - resolve the destination directory once;
   - normalize and resolve every ZIP entry destination before writing;
   - verify each resolved destination is inside the intended extraction root;
   - reject absolute, drive-qualified, UNC, parent-traversal, empty, root-like,
     control-character, symlink, hardlink, and device-file entries;
   - write files with restrictive permissions and without following links;
   - return non-secret validation errors.
8. Add archive authorization controls:
   - require explicit server-side permission for upload/save/unzip/import;
   - reject archive operations from anonymous/default auth;
   - ensure low-privilege users cannot trigger extraction;
   - audit archive operations without logging secrets or archive contents.
9. Add reviewer-safe tests:
   - vulnerable DbGate versions are absent from manifests and images;
   - traversal entries are rejected inside a temporary test directory;
   - symlink or hardlink escape attempts are rejected if the archive library can
     represent them;
   - archive APIs reject anonymous/default and low-privilege users;
   - generated logs omit tokens, credentials, and archive payload bytes.
10. Harden deployment where this repository owns runtime:
    - run as non-root or least privilege when supported;
    - mount only the archive workspace as writable;
    - keep application files and config read-only;
    - avoid host root, Docker socket, source checkout, and deploy-key mounts;
    - keep database and cloud credentials outside the DbGate process when
      possible.
11. Add a PR body section named `CVE-2026-47669 operator actions` that states:
    - DbGate versions before and after;
    - whether archive upload/unzip endpoints were reachable and by which roles;
    - whether `none`/anonymous auth, root process execution, or broad writable
      mounts were present;
    - which filesystems, volumes, credentials, and logs may need review;
    - whether session invalidation, credential rotation, image rebuilds, volume
      inspection, or audit-log review are required;
    - which validation commands passed.
12. Run available validation: package install, lockfile integrity, unit/API
    tests, archive traversal tests, authz tests, lint/typecheck, container
    build, deployment rendering, SBOM refresh, and dependency/security scans.
13. Use PR title:
    `fix(sec): remediate CVE-2026-47669 in DbGate archive handling`.

## Stop conditions

- No affected DbGate runtime, package, image, archive wrapper, fork, or
  deployment is controlled by this repository.
- DbGate is supplied only by another team, managed platform, or external image;
  document owner and required fixed version in `TRIAGE.md`.
- A fixed DbGate version cannot be consumed without a broader platform
  migration.
- Verification would require live traversal archive upload, writing outside a
  temporary test directory, secret-bearing runtime inspection, or exploit-like
  RCE proof.
- Validation fails for unrelated pre-existing reasons; document those failures
  instead of broadening scope.

Output contract

  • A reviewer-ready PR or change request that upgrades DbGate, constrains extraction paths to the archive workspace, adds traversal tests, hardens auth/runtime privileges, and documents cleanup.
  • Or a TRIAGE.md file that lists inspected files/config, owner, observed version, archive upload exposure, writable paths, required fix, and residual risk.
  • The output must include exact validation commands and must not overwrite real files, plant startup scripts, execute payloads, or expose database secrets.

Verification - what the reviewer looks for

  • No controlled lockfile, image, SBOM, package manifest, or deployment target resolves DbGate to 7.1.8 or earlier.
  • Archive extraction code resolves output paths and rejects any destination outside the intended extraction root before writing.
  • Archive upload/save/unzip endpoints require explicit server-side authorization and reject anonymous/default access.
  • The runtime is not root with broad writable mounts unless a documented platform exception remains.
  • Tests prove traversal rejection using temporary directories only, without live-service archive uploads or shell-command proofs.
  • Operator notes cover session invalidation, credential rotation, volume/log review, and image rebuilds when untrusted users may have reached archive endpoints.

Watch for

  • Updating npm manifests while Docker images, Helm values, Compose files, or generated SBOMs still deploy an old DbGate runtime.
  • Normalizing paths but forgetting Windows drive letters, UNC paths, symlink escapes, or archive entries that resolve to the extraction root itself.
  • Blocking the UI while archive API routes remain reachable through direct requests or proxy bypasses.
  • Treating none auth or root-in-container defaults as acceptable because the service is “internal.”
  • Tests that check only ../ strings instead of resolved filesystem paths.

References