Security Vulnerability Report
CVE-2026-33166 CVSS 8.6 HIGH

Published: 2026-03-20 22:16:29
Last Modified: 2026-04-14 18:42:27

Description

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file (-result.json, -container.json, or .plist) that points an attachment source to a sensitive file on the host system. During report generation, Allure will resolve these paths and include the sensitive files in the final report. Version 2.38.0 fixes the issue.

CVSS Details

CVSS Score: 8.6
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:qameta:allure_report:*:*:*:*:*:*:*:* (versions before 2.38.0) - VULNERABLE

PoC / Exploit Code

No PoC code available.

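References

https://github.com/allure-framework/allure2/security/advisories/GHSA-64hm-gfwq-jppw (Exploit, Vendor Advisory)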

Raw JSON Data

{"cve": {"id": "CVE-2026-33166", "sourceIdentifier": "[email protected]", "published": "2026-03-20T22:16:28.660", "lastModified": "2026-04-14T18:42:27.007", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file (-result.json, -container.json, or .plist) that points an attachment source to a sensitive file on the host system. During report generation, Allure will resolve these paths and include the sensitive files in the final report. Version 2.38.0 fixes the issue."}, {"lang": "es", "value": "Allure 2 es la rama 2.x de Allure Report, una herramienta de informes de pruebas multilenguaje. El generador de informes de Allure anterior a la versión 2.38.0 es vulnerable a una lectura de archivo arbitraria mediante salto de ruta al procesar los resultados de las pruebas. Un atacante puede crear un archivo de resultados malicioso (-result.json, -container.json o .plist) que apunte una fuente de adjunto a un archivo sensible en el sistema anfitrión. Durante la generación del informe, Allure resolverá estas rutas e incluirá los archivos sensibles en el informe final. La versión 2.38.0 corrige el problema."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.0}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:qameta:allure_report:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.38.0", "matchCriteriaId": "C7150AE8-CD9B-414E-9DAB-93F8466BEED6"}]}]}], "references": [{"url": "https://github.com/allure-framework/allure2/security/advisories/GHSA-64hm-gfwq-jppw", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}