CVE-2026-55477

Source
https://cve.org/CVERecord?id=CVE-2026-55477
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-55477.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-55477
Aliases
  • GHSA-jm48-m3rr-9hgg
Published
2026-06-25T15:00:36.360Z
Modified
2026-07-15T01:48:50.668136413Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Authenticated Arbitrary File Write via Database Import and Xray Log Path Manipulation
Details

3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code execution and persistent access as the user running Xray (including root when Xray is running as root). This vulnerability is fixed in 3.3.1.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/55xxx/CVE-2026-55477.json",
    "cwe_ids": [
        "CWE-73"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/mhsanaei/3x-ui

Affected ranges

Type
GIT
Repo
https://github.com/mhsanaei/3x-ui
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.3.1"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

v1.*
v1.0.8
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.2.0
v1.2.2
v1.2.3
v1.2.4
v1.2.6
v1.2.7
v1.2.8
v1.3.0
v1.3.2
v1.3.3
v1.3.4
v1.4.0
v1.4.1
v1.4.5
v1.4.6
v1.5.0
v1.6.0
v1.6.1
v1.7.0
v1.7.5
v1.7.9
v2.*
v2.0.1
v2.1.1
v2.1.3
v2.2.1
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.3.0
v2.3.1
v2.3.10
v2.3.11
v2.3.12
v2.3.13
v2.3.14
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0
v2.4.1
v2.4.10
v2.4.11
v2.4.2
v2.4.3
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.8
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.5
v2.6.6
v2.6.7
v2.6.8
v2.7.0
v2.8.0
v2.8.1
v2.8.10
v2.8.11
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9
v2.9.0
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.1.0
v3.2.0
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.3.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-55477.json"