Primary

Context

Wiki.js Directory Traversal Vulnerability in Local Asset Caching Modules

Vulnerability

Patched

A directory traversal vulnerability has been identified in Wiki.js versions prior to 2.5.151. This issue arises when a storage module with local asset cache fetching is enabled, such as the Local File System or Git modules. Under these conditions, a malicious user could craft a URL that exploits directory traversal, potentially allowing access to any file on the server's file system. This vulnerability could be exacerbated if no web application firewall, like Cloudflare, is in place to strip harmful URLs.

Impact

Exploitation of this vulnerability could lead to unauthorized access and reading of arbitrary files on the server's file system.

Remediation

Users can upgrade to Wiki.js version 2.5.151 or later, where this vulnerability has been patched. As an alternative, any storage module with local asset caching capabilities, such as Local File System or Git, can be disabled.

Added: Mar 11, 2026, 7:16 PM

Updated: Mar 11, 2026, 7:16 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

6.9

remediation

8.3

relevance

0.0

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

6.9

remediation

8.3

relevance

0.0

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Wiki.js Directory Traversal Vulnerability in Local Asset Caching Modules

Vulnerability

Impact

Remediation

Affected Products

Requarks Wiki.js

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating