{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3223", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "dateReserved": "2026-02-25T18:46:35.171Z", "datePublished": "2026-02-27T13:12:38.809Z", "dateUpdated": "2026-03-04T04:55:13.784Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Web Designer", "vendor": "Google", "versions": [{"lessThan": "14.2.2.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer."}], "value": "Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}, {"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.4, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2026-02-27T13:12:38.809Z"}, "references": [{"url": "https://bughunters.google.com/reports/vrp/FJMQGy8oo"}], "source": {"discovery": "UNKNOWN"}, "title": "Zip Slip leading to Arbitrary File Write and Privilege Escalation in Google Web Designer", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-27T00:00:00+00:00", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-3223"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T04:55:13.784Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3223", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-03T16:14:34.190285Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T14:37:50.992Z"}}], "cna": {"title": "Zip Slip leading to Arbitrary File Write and Privilege Escalation in Google Web Designer", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}, {"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Google", "product": "Web Designer", "versions": [{"status": "affected", "version": "0", "lessThan": "14.2.2.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://bughunters.google.com/reports/vrp/FJMQGy8oo"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.", "supportingMedia": [{"type": "text/html", "value": "Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2026-02-27T13:12:38.809Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3223", "state": "PUBLISHED", "dateUpdated": "2026-03-04T04:55:13.784Z", "dateReserved": "2026-02-25T18:46:35.171Z", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "datePublished": "2026-02-27T13:12:38.809Z", "assignerShortName": "Google"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:web_designer:14.2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CFBF3177-E4D5-4948-854C-B429D0BCE081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer."}, {"lang": "es", "value": "Escritura arbitraria de archivos y potencial escalada de privilegios explotando la vulnerabilidad zip slip en Google Web Designer."}], "id": "CVE-2026-3223", "lastModified": "2026-04-14T00:33:21.800", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cve-coordination@google.com", "type": "Secondary"}]}, "published": "2026-02-27T14:16:30.923", "references": [{"source": "cve-coordination@google.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://bughunters.google.com/reports/vrp/FJMQGy8oo"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cve-coordination@google.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,14.2.2.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Web Designer", "source": "cna", "vendor": "Google"}, "product": "web_designer", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-18T10:16:00.942254+00:00", "value": {"mitigation_remediation": ["Apply the latest update or patch released by Google for Web Designer to address the zip slip bug.", "Disable or restrict the application's ability to import or open zip archives, or configure the import workflow to enforce safe extraction paths.", "Limit file system permissions of the directories used by Web Designer to prevent the application from writing outside its intended area."], "summary": {"action": "Patch ASAP", "impact": "Arbitrary file write and privilege escalation."}, "threat_synthesis": {"affected_systems": "The affectation is scoped to Google Web Designer, specifically version\u00a014.2.2.0 as indicated by the CPE string. No other releases are explicitly mentioned in the CVE data; therefore, only this version is confirmed as vulnerable.", "description_and_impact": "A zip slip vulnerability in Google Web Designer allows an attacker to create a specially crafted zip file that, when extracted by the application, causes files outside the intended extraction directory to be overwritten. This flaw leads to arbitrary file write and can enable privilege escalation if the application runs with elevated privileges. The weakness is a typical path traversal issue, identified as CWE\u201122.", "risk_and_exploitability": "The reported CVSS score of\u00a08.4 signals high severity, whereas the EPSS score of less than\u00a01% denotes a very low probability of exploitation at present. The vulnerability is not cataloged in CISA KEV. Based on the description, it is inferred that an attacker must provide a maliciously crafted zip file via the application's Import or Open function. When the user or the system extracts that file, the path traversal entry writes to arbitrary locations, provided that the executing context has write permission to those paths. No authentication or network exploitation prerequisites are stated, so the attack is likely local and independent of user credentials."}}}}, "created": "2026-03-02T12:07:15.341812+00:00", "updated": "2026-04-18T10:30:35.749714+00:00", "vendors": ["google", "google$PRODUCT$web_designer"]}