CVE-2026-47669 - DbGate archive unzip arbitrary write RCE
DbGate dbgate versions through 7.1.8 allowed archive extraction paths to
escape the intended output directory. A malicious ZIP entry using parent-path
segments could cause DbGate to write attacker-controlled bytes outside the
archive workspace. In Docker deployments that run DbGate with broad filesystem
access, that arbitrary write can become code execution through startup scripts,
application files, cron-like paths, or other files later interpreted by the
runtime.
The advisory also calls out a dangerous deployment shape: default Docker
instances can run as root and may use the none authentication provider. A
reviewable remediation needs more than a version bump: it should prove archive
extraction is path-confined, archive APIs are permissioned, default auth is not
exposed, and the runtime cannot write high-impact host or container paths.
When to use it
Use this recipe when a repository, database tool deployment, or admin workbench uses DbGate archive import/unzip features. It is designed for source-code and deployment remediation, archive extraction containment, arbitrary-write review, and evidence that ZIP entries cannot escape the intended archive workspace.
Inputs
- DbGate version, archive import routes/features, authentication settings, Docker/runtime privileges, mounted volumes, and extraction workspace policy.
- Source/config paths that extract ZIP entries, normalize paths, write files, load plugins/scripts, or expose import APIs.
- Regression fixtures for
..entries, absolute paths, symlinks, valid archive files, denied out-of-workspace writes, and runtime privilege reduction. - Boundary evidence: who can upload archives, filesystem reach, startup/script paths, mounted volumes, logs, and cleanup owner.
Affected versions
- Vulnerable package:
dbgate <=7.1.8 - Fixed package:
dbgate 7.1.9+ - Affected operation: archive ZIP upload/save/unzip flow
- Affected code shape: joining an archive output directory with untrusted ZIP entry names without verifying the resolved path remains inside the output directory
- High-risk deployment condition: DbGate running as root, with broad mounts, writable application directories, anonymous/default auth, or network exposure beyond fully trusted administrators
Indicator-of-exposure
- The repository depends on, vendors, forks, builds, or deploys DbGate
<=7.1.8. - DbGate archive upload, save, import, backup-restore, or unzip endpoints are reachable from a browser, API client, support tool, automation account, or tenant-facing admin surface.
- DbGate is deployed through Docker, Compose, Helm, Kubernetes, a VM image, or PaaS runtime with writable mounts or root/default process privileges.
- Authentication is disabled, set to
none, delegated only at a proxy, or otherwise reachable by users who are not fully trusted DbGate administrators. - The DbGate process can write application files, startup scripts, config, database files, host mounts, shared volumes, logs interpreted by other tools, or deployment material.
Quick checks:
rg -n "dbgate|archive/unzip|save-uploaded-zip|unzipDirectory|zip|Zip|authProvider|amoid|none|LOGINS|LOGIN_PASSWORD|DBGATE|uploads/upload" .
npm ls dbgate dbgate-api dbgate-serve dbgate-web
pnpm why dbgate dbgate-api dbgate-serve dbgate-web
yarn why dbgate dbgate-api dbgate-serve dbgate-web
rg -n "dbgate|DBGATE|LOGINS|LOGIN_PASSWORD|authProvider|none|archive|zip" Dockerfile* docker-compose*.yml compose*.yml charts k8s deploy .github . 2>/dev/null
Windows:
rg -n "dbgate|archive/unzip|save-uploaded-zip|unzipDirectory|zip|Zip|authProvider|amoid|none|LOGINS|LOGIN_PASSWORD|DBGATE|uploads/upload" .
npm ls dbgate dbgate-api dbgate-serve dbgate-web
pnpm why dbgate dbgate-api dbgate-serve dbgate-web
yarn why dbgate dbgate-api dbgate-serve dbgate-web
rg -n "dbgate|DBGATE|LOGINS|LOGIN_PASSWORD|authProvider|none|archive|zip" Dockerfile* docker-compose*.yml compose*.yml charts k8s deploy .github .
Do not upload traversal ZIPs, write outside a temporary test directory, or probe live DbGate archive endpoints during triage.
Remediation strategy
- Upgrade every controlled DbGate runtime, lockfile, image, deployment
manifest, generated dependency report, and SBOM to
7.1.9+. - If this repository owns a DbGate fork, wrapper, or archive implementation, canonicalize each ZIP entry path and reject extraction when the resolved destination is outside the intended archive workspace.
- Reject absolute paths, drive-qualified paths, UNC paths, parent traversal, symlink escapes, hardlink escapes, device files, control characters, and archive entries that normalize to empty or root-like destinations.
- Add authorization checks around archive upload/save/unzip/import operations. Basic authenticated users should not be able to write runtime-controlled filesystem paths.
- Disable
none/anonymous/default auth for any DbGate deployment reachable by untrusted users, and do not rely solely on a reverse proxy for archive API authorization. - Run DbGate with least privilege: non-root process where supported, application files read-only, narrow writable archive volume, no host root mounts, restricted egress, and no cloud/deploy credentials in the same process.
- Rotate DbGate sessions, database credentials, and any writable-volume secrets if a vulnerable deployment was reachable by untrusted users.
The prompt
You are remediating CVE-2026-47669 / GHSA-h535-j5hr-mv56, a critical DbGate
Zip Slip issue in archive unzip handling that can write attacker-controlled
files outside the archive workspace and lead to RCE in high-privilege
deployments. Produce exactly one output:
- A reviewer-ready PR/change request that upgrades DbGate, confines archive
extraction paths, hardens archive authorization and deployment defaults,
refreshes generated artifacts, and documents operator cleanup, or
- TRIAGE.md if this repository does not control an affected DbGate runtime,
fork, archive feature, image, deployment, or wrapper.
## Rules
- Scope only CVE-2026-47669 / GHSA-h535-j5hr-mv56 and directly related DbGate
archive extraction, archive authorization, auth default, and runtime
filesystem-hardening work.
- Treat DbGate sessions, bearer tokens, saved database credentials, uploaded
archives, extracted files, host mounts, environment variables, cloud
credentials, and deployment files as sensitive.
- Do not upload malicious archives to live services, write outside a temporary
test directory, create cron/startup files, modify application code as a proof,
or run shell-command validation through DbGate.
- Do not print tokens, passwords, connection strings, SQL results, environment
variables, extracted sensitive files, or archive contents into logs or
commits.
- Do not replace path traversal checks with filename deny-lists or UI-only
validation.
- Do not auto-merge.
## Steps
1. Inventory every repository-controlled DbGate reference: package manifests,
lockfiles, workspaces, Dockerfiles, Compose files, Helm charts, Kubernetes
manifests, VM images, CI images, reverse-proxy config, SBOMs, generated
dependency reports, runbooks, forks, plugins, and archive wrappers.
2. Determine every resolved `dbgate`, `dbgate-api`, `dbgate-serve`, and
`dbgate-web` version. A target is vulnerable if the deployed DbGate runtime
resolves to `7.1.8` or earlier.
3. Search for archive extraction and upload paths: `unzipDirectory`,
`archive/unzip`, `save-uploaded-zip`, `uploads/upload`, ZIP import/export,
backup restore, archive workspace handling, symlink extraction, temporary
archive directories, and custom route wrappers.
4. Search deployment defaults for root/writable runtime risk:
Docker users, volume mounts, writable app directories, host paths,
`LOGINS`, `LOGIN_PASSWORD_*`, `authProvider`, `none`, `amoid`, proxy auth
exceptions, and public/internal exposure settings.
5. If this repository does not control an affected DbGate runtime, stop with
`TRIAGE.md` listing checked files, the owning deployment team if known, and
required fixed version `7.1.9+`.
6. Upgrade all controlled DbGate packages and images to `7.1.9+`. Refresh
lockfiles, package-manager metadata, container digests, deployment render
output, SBOMs, dependency reports, and docs that pin DbGate versions.
7. Where this repository owns extraction code, implement fail-closed archive
confinement:
- resolve the destination directory once;
- normalize and resolve every ZIP entry destination before writing;
- verify each resolved destination is inside the intended extraction root;
- reject absolute, drive-qualified, UNC, parent-traversal, empty, root-like,
control-character, symlink, hardlink, and device-file entries;
- write files with restrictive permissions and without following links;
- return non-secret validation errors.
8. Add archive authorization controls:
- require explicit server-side permission for upload/save/unzip/import;
- reject archive operations from anonymous/default auth;
- ensure low-privilege users cannot trigger extraction;
- audit archive operations without logging secrets or archive contents.
9. Add reviewer-safe tests:
- vulnerable DbGate versions are absent from manifests and images;
- traversal entries are rejected inside a temporary test directory;
- symlink or hardlink escape attempts are rejected if the archive library can
represent them;
- archive APIs reject anonymous/default and low-privilege users;
- generated logs omit tokens, credentials, and archive payload bytes.
10. Harden deployment where this repository owns runtime:
- run as non-root or least privilege when supported;
- mount only the archive workspace as writable;
- keep application files and config read-only;
- avoid host root, Docker socket, source checkout, and deploy-key mounts;
- keep database and cloud credentials outside the DbGate process when
possible.
11. Add a PR body section named `CVE-2026-47669 operator actions` that states:
- DbGate versions before and after;
- whether archive upload/unzip endpoints were reachable and by which roles;
- whether `none`/anonymous auth, root process execution, or broad writable
mounts were present;
- which filesystems, volumes, credentials, and logs may need review;
- whether session invalidation, credential rotation, image rebuilds, volume
inspection, or audit-log review are required;
- which validation commands passed.
12. Run available validation: package install, lockfile integrity, unit/API
tests, archive traversal tests, authz tests, lint/typecheck, container
build, deployment rendering, SBOM refresh, and dependency/security scans.
13. Use PR title:
`fix(sec): remediate CVE-2026-47669 in DbGate archive handling`.
## Stop conditions
- No affected DbGate runtime, package, image, archive wrapper, fork, or
deployment is controlled by this repository.
- DbGate is supplied only by another team, managed platform, or external image;
document owner and required fixed version in `TRIAGE.md`.
- A fixed DbGate version cannot be consumed without a broader platform
migration.
- Verification would require live traversal archive upload, writing outside a
temporary test directory, secret-bearing runtime inspection, or exploit-like
RCE proof.
- Validation fails for unrelated pre-existing reasons; document those failures
instead of broadening scope.
Output contract
- A reviewer-ready PR or change request that upgrades DbGate, constrains extraction paths to the archive workspace, adds traversal tests, hardens auth/runtime privileges, and documents cleanup.
- Or a
TRIAGE.mdfile that lists inspected files/config, owner, observed version, archive upload exposure, writable paths, required fix, and residual risk. - The output must include exact validation commands and must not overwrite real files, plant startup scripts, execute payloads, or expose database secrets.
Verification - what the reviewer looks for
- No controlled lockfile, image, SBOM, package manifest, or deployment target
resolves DbGate to
7.1.8or earlier. - Archive extraction code resolves output paths and rejects any destination outside the intended extraction root before writing.
- Archive upload/save/unzip endpoints require explicit server-side authorization and reject anonymous/default access.
- The runtime is not root with broad writable mounts unless a documented platform exception remains.
- Tests prove traversal rejection using temporary directories only, without live-service archive uploads or shell-command proofs.
- Operator notes cover session invalidation, credential rotation, volume/log review, and image rebuilds when untrusted users may have reached archive endpoints.
Watch for
- Updating npm manifests while Docker images, Helm values, Compose files, or generated SBOMs still deploy an old DbGate runtime.
- Normalizing paths but forgetting Windows drive letters, UNC paths, symlink escapes, or archive entries that resolve to the extraction root itself.
- Blocking the UI while archive API routes remain reachable through direct requests or proxy bypasses.
- Treating
noneauth or root-in-container defaults as acceptable because the service is “internal.” - Tests that check only
../strings instead of resolved filesystem paths.
Related recipes
- Source code supply chain build integrity audit
- Source code secrets and data exposure audit
- Source code injection sink audit
- SAST finding triage and fix
References
- GitHub Advisory Database: https://github.com/advisories/GHSA-h535-j5hr-mv56
- DbGate 7.1.9 release: https://github.com/dbgate/dbgate/releases/tag/v7.1.9
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47669