{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25964", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-09T17:13:54.066Z", "datePublished": "2026-02-13T18:27:08.973Z", "dateUpdated": "2026-02-13T20:01:40.545Z"}, "containers": {"cna": {"title": "Tandoor Recipes Affected by Authenticated Local File Disclosure (LFD) via Recipe Import leads to Arbitrary File Read", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-73", "lang": "en", "description": "CWE-73: External Control of File Name or Path", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-6485-jr28-52xx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-6485-jr28-52xx"}, {"name": "https://github.com/TandoorRecipes/recipes/commit/f7f3524609451ab0b5a4fd760ad0af147d8ed794", "tags": ["x_refsource_MISC"], "url": "https://github.com/TandoorRecipes/recipes/commit/f7f3524609451ab0b5a4fd760ad0af147d8ed794"}, {"name": "https://github.com/TandoorRecipes/recipes/releases/tag/2.5.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/TandoorRecipes/recipes/releases/tag/2.5.1"}], "affected": [{"vendor": "TandoorRecipes", "product": "recipes", "versions": [{"version": "< 2.5.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-13T18:27:08.973Z"}, "descriptions": [{"lang": "en", "value": "Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read arbitrary files on the server. This vulnerability stems from a lack of input validation in the file_path parameter and insufficient checks in the Local storage backend, enabling an attacker to bypass storage directory restrictions and access sensitive system files (e.g., /etc/passwd) or application configuration files (e.g., settings.py), potentially leading to full system compromise. This vulnerability is fixed in 2.5.1."}], "source": {"advisory": "GHSA-6485-jr28-52xx", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-13T20:00:57.599657Z", "id": "CVE-2026-25964", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T20:01:40.545Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25964", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-13T20:00:57.599657Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T20:01:06.908Z"}}], "cna": {"title": "Tandoor Recipes Affected by Authenticated Local File Disclosure (LFD) via Recipe Import leads to Arbitrary File Read", "source": {"advisory": "GHSA-6485-jr28-52xx", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "TandoorRecipes", "product": "recipes", "versions": [{"status": "affected", "version": "< 2.5.1"}]}], "references": [{"url": "https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-6485-jr28-52xx", "name": "https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-6485-jr28-52xx", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/TandoorRecipes/recipes/commit/f7f3524609451ab0b5a4fd760ad0af147d8ed794", "name": "https://github.com/TandoorRecipes/recipes/commit/f7f3524609451ab0b5a4fd760ad0af147d8ed794", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/TandoorRecipes/recipes/releases/tag/2.5.1", "name": "https://github.com/TandoorRecipes/recipes/releases/tag/2.5.1", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read arbitrary files on the server. This vulnerability stems from a lack of input validation in the file_path parameter and insufficient checks in the Local storage backend, enabling an attacker to bypass storage directory restrictions and access sensitive system files (e.g., /etc/passwd) or application configuration files (e.g., settings.py), potentially leading to full system compromise. This vulnerability is fixed in 2.5.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73: External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-13T18:27:08.973Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25964", "state": "PUBLISHED", "dateUpdated": "2026-02-13T20:01:40.545Z", "dateReserved": "2026-02-09T17:13:54.066Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-13T18:27:08.973Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tandoor:recipes:*:*:*:*:*:*:*:*", "matchCriteriaId": "21860AB5-9F47-4015-958B-26FE480AE53B", "versionEndExcluding": "2.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read arbitrary files on the server. This vulnerability stems from a lack of input validation in the file_path parameter and insufficient checks in the Local storage backend, enabling an attacker to bypass storage directory restrictions and access sensitive system files (e.g., /etc/passwd) or application configuration files (e.g., settings.py), potentially leading to full system compromise. This vulnerability is fixed in 2.5.1."}], "id": "CVE-2026-25964", "lastModified": "2026-02-17T16:07:02.177", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-13T19:17:28.810", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/TandoorRecipes/recipes/commit/f7f3524609451ab0b5a4fd760ad0af147d8ed794"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/TandoorRecipes/recipes/releases/tag/2.5.1"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-6485-jr28-52xx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-73"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.5.1)"}}], "product": "recipes", "vendor": "tandoorrecipes"}], "analysis": {"en": {"generated_at": "2026-04-17T19:50:24.090055+00:00", "value": {"mitigation_remediation": ["Upgrade the Tandoor Recipes application to version 2.5.1 or later to fix the file path validation flaw.", "If an upgrade is not immediately feasible, restrict or disable the Recipe Import feature for all users except trusted administrators who truly require it.", "Run the application under the least-privilege user account and ensure that the web process does not have write access to system directories such as /etc or project configuration folders.", "Validate the file_path parameter on the server side, rejecting paths containing '..' or absolute paths, and enforce strict directory boundaries before processing."], "summary": {"action": "Apply Patch", "impact": "Arbitrary File Read via Local File Disclosure"}, "threat_synthesis": {"affected_systems": "Any installation of the TandoorRecipes:recipes application running a version earlier than 2.5.1. The CVE specifically lists Tandoor Recipes as the affected vendor/product. Users with import permissions are susceptible. The relevant versions that are affected are all releases prior to 2.5.1.", "description_and_impact": "In Tandoor Recipes, an authenticated local file disclosure vulnerability exists in the RecipeImport workflow. The application fails to validate the file_path parameter and does not enforce directory restrictions in the local storage backend. As a result, an attacker with import permissions can craft a file_path that traverses directories to read any file accessible to the application process. This can expose sensitive user data, system configuration files, or crucial service files, which may in turn enable further compromise of the host.", "risk_and_exploitability": "The vulnerability scores a CVSS of 4.9, indicating moderate severity, while the EPSS score remains below 1%, suggesting low probability of exploitation at present. The CVE is not included in CISA\u2019s KEV catalog. Exploitation requires an authenticated session with import privileges; the attacker must log into the application and supply a crafted file_path during recipe import. If successful, the attacker can read arbitrary files and potentially advance to full system compromise."}}}}, "created": "2026-02-13T21:28:29.411221+00:00", "updated": "2026-04-17T20:00:09.011459+00:00", "vendors": ["tandoorrecipes", "tandoorrecipes$PRODUCT$recipes"]}