CVE-2026-25964

MEDIUM

Tandoor Recipes <2.5.1 - Path Traversal

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-25964. PoCs published by XiaomingX, drkim-dev.

AI-analyzed exploit summary: This repository contains a functional proof-of-concept for CVE-2026-25964, an authenticated local file disclosure vulnerability in Tandoor Recipes. The exploit leverages path traversal in the RecipeImport workflow to read arbitrary files on the server.

Description

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read arbitrary files on the server. This vulnerability stems from a lack of input validation in the file_path parameter and insufficient checks in the Local storage backend, enabling an attacker to bypass storage directory restrictions and access sensitive system files (e.g., /etc/passwd) or application configuration files (e.g., settings.py), potentially leading to full system compromise. This vulnerability is fixed in 2.5.1.

Exploits (2)

GitHub · WORKING POC · 10 stars
by XiaomingX · python · poc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-25964

This repository contains a functional proof-of-concept for CVE-2026-25964, an authenticated local file disclosure vulnerability in Tandoor Recipes. The exploit leverages path traversal in the RecipeImport workflow to read arbitrary files on the server.

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Tandoor Recipes ≤ 2.5.0
Auth required
Prerequisites: Authenticated user account with recipe import permissions
devstral-2 · analyzed Feb 27, 2026
nomisec · WRITEUP · 1 star
by drkim-dev · poc
https://github.com/drkim-dev/CVE-2026-25964

This repository provides a detailed technical analysis of CVE-2026-25964, an authenticated local file disclosure vulnerability in Tandoor Recipes. It includes a thorough breakdown of the vulnerability, affected code, and step-by-step proof-of-concept instructions.

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Tandoor Recipes ≤ 2.5.0
Auth required
Prerequisites: Authenticated user account with recipe import permissions
devstral-2 · analyzed Feb 17, 2026

Scores

CVSS v3 4.9
EPSS 0.0042
EPSS Percentile 33.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE: CWE-73, CWE-22
Status published
Products (1)
tandoor/recipes < 2.5.1
Published Feb 13, 2026
Tracked Since Feb 18, 2026