GHSA-c66c-vq6w-fvh5: Omni: Operator can traverse image-factory API paths via unsanitized `talos_version` in CreateSchematic
Severity: low
security
Summary
A vulnerability in Omni's CreateSchematic API allows an authenticated Operator (administrator) to perform path traversal on the image-factory server: the `talos_version` value is embedded into a URL path without sanitization, so sequences such as `../` can steer the request to files or endpoints outside the intended directory. The error messages the image-factory server returns for such requests may leak sensitive information.
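To make the failure mode concrete, here is an added Go illustration that is not Omni's or image-factory's code and is not the fix shipped in the patched versions. It contrasts the unsafe pattern the summary describes (user input concatenated straight into the path) with a guarded variant that allow-lists the version string before escaping it, plus a small check that detects whether a built URL resolves outside its intended prefix. The endpoint layout `/versions/<talos_version>/extensions/official`, the host `factory.example` and the version regex are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path"
	"regexp"
	"strings"
)

// Assumed allow-list for Talos version strings such as "v1.7.3" or
// "v1.8.0-alpha.1". The real validation rule used by Omni is not on the page.
var talosVersionRe = regexp.MustCompile(`^v\d+\.\d+\.\d+(-[0-9A-Za-z.]+)?$`)

// ErrInvalidVersion is returned when the version fails the allow-list.
var ErrInvalidVersion = errors.New("invalid talos version")

// buildUnsafeURL mirrors the vulnerable pattern: the caller-controlled version
// is dropped into the path unmodified. Hypothetical endpoint layout.
func buildUnsafeURL(base, talosVersion string) string {
	return strings.TrimSuffix(base, "/") + "/versions/" + talosVersion + "/extensions/official"
}

// buildSafeURL rejects anything that is not a plain version string and then
// escapes the segment, so "/" and "." sequences can never form new path elements.
func buildSafeURL(base, talosVersion string) (string, error) {
	if !talosVersionRe.MatchString(talosVersion) {
		return "", fmt.Errorf("%w: %q", ErrInvalidVersion, talosVersion)
	}
	segments := []string{"versions", url.PathEscape(talosVersion), "extensions", "official"}
	return strings.TrimSuffix(base, "/") + "/" + strings.Join(segments, "/"), nil
}

// escapesPrefix reports whether the URL's path, once ".." elements are resolved,
// no longer lies under allowedPrefix. Useful as a last-line check or in tests.
func escapesPrefix(rawURL, allowedPrefix string) (bool, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return false, err
	}
	cleaned := path.Clean(u.Path)
	return !strings.HasPrefix(cleaned, allowedPrefix), nil
}

func main() {
	// Constructed inputs: one legitimate version and one traversal attempt.
	for _, v := range []string{"v1.7.3", "../../admin"} {
		unsafe := buildUnsafeURL("https://factory.example", v)
		out, _ := escapesPrefix(unsafe, "/versions/")
		fmt.Printf("unsafe: %-60s escapes prefix: %v\n", unsafe, out)

		safe, err := buildSafeURL("https://factory.example", v)
		if err != nil {
			fmt.Printf("safe:   rejected %q (%v)\n", v, err)
			continue
		}
		fmt.Printf("safe:   %s\n", safe)
	}
}
```

The allow-list is the real control here: escaping alone would not help against a bare `..` segment, and path cleaning on the client side does not change what the remote server sees. Validating `talos_version` against the shape a version must have closes the class of inputs rather than a single encoding of it.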
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Patch Available
Yes
Disclosure Date
June 5, 2026
Classification
Attack Sophistication: Moderate
Affected Packages
github.com/siderolabs/omni@>= 1.7.0, < 1.7.3 (fixed: 1.7.3)
github.com/siderolabs/omni@< 1.6.6 (fixed: 1.6.6)
Original source: https://github.com/advisories/GHSA-c66c-vq6w-fvh5
First tracked: June 5, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%