CVE-2026-58165: OpenZiti privilege escalation via overpermissive enrollment creation
CVE-2026-58165 is verified against the affected target vulnerability class: Privilege Escalation This high reproduction includes runnable sandbox proof, artifacts, and a plain-text agent view under REPRO-2026-00237.
pruva-verify REPRO-2026-00237 curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00237/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh OpenZiti through 2.0.0 allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default admin, leading to privilege escalation. Reproduce: deploy an OpenZiti controller from a vulnerable version, create a low-privileged identity with enrollment management permissions, and use the API to create an enrollment for the admin identity. Authenticate with the resulting enrollment to gain admin access.
Variant analysis
The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.
Loading session...
Scripts, logs, diffs, and output captured during the reproduction.