CVE-2026-3223

HIGH

Google Web Designer - Privilege Escalation

Title source: llm
STIX 2.1

Description

Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0000
EPSS Percentile 0.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-22
Status published
Products (2)
Google/Web Designer < 14.2.2.0
google/web_designer 14.2.2.0
Published Feb 27, 2026
Tracked Since Feb 27, 2026