CVE 9.1 CRITICAL

Zip Slip in MarkUs config upload allowing RCE_CVE-2026-25057

February 9, 2026 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration (courses/<:course_id>/assignments/upload_config_files). The uploaded zip file entry names are used to create paths to write files to disk without checking these paths. This vulnerability is fixed in 2.9.1.

AI Analysis

Zip Slip vulnerability in MarkUs config upload allowing Remote Code Execution (RCE)

Basic Information

ID CVE-2026-25057

Source GitHub_M

Published Feb 9, 2026 at 19:16

Affected Product

Vendor MarkUsProject

Product Markus

Version < 2.9.1

Affected Versions MarkUsProject Markus < 2.9.1

CWE Classification

CWE-23

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor MarkUsProject

Product Markus

Version < 2.9.1

References

{
    "lastseen": "",
    "description": "MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration (courses/<:course_id>/assignments/upload_config_files). The uploaded zip file entry names are used to create paths to write files to disk without checking these paths. This vulnerability is fixed in 2.9.1.",
    "published": "2026-02-09T19:16:55.980Z",
    "modified": "2026-02-09T19:16:55.980Z",
    "type": "cve",
    "title": "Zip Slip in MarkUs config upload allowing RCE",
    "source": "GitHub_M",
    "references": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-mccg-p332-252h\nhttps://github.com/MarkUsProject/Markus/commit/0ca002a1f0071c7a00dbb2ed34fede57323c5dc7\nhttps://github.com/MarkUsProject/Markus/releases/tag/v2.9.1",
    "id": "CVE-2026-25057",
    "bulletinFamily": "",
    "cwe": [
        "CWE-23"
    ],
    "cvelist": null,
    "sourceData": "MarkUsProject Markus < 2.9.1",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Markus",
    "version": "< 2.9.1",
    "vendor": "MarkUsProject",
    "ai_description": "Zip Slip vulnerability in MarkUs config upload allowing Remote Code Execution (RCE)",
    "ai_severity": "Critical",
    "ai_vendor": "MarkUsProject",
    "ai_product": "Markus",
    "ai_version": "< 2.9.1",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply