CVE-2026-3223 PUBLISHED

Zip Slip leading to Arbitrary File Write and Privilege Escalation in Google Web Designer

Assigner: Google
Reserved: 25.02.2026 Published: 27.02.2026 Updated: 27.02.2026

Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.4

Product Status

Vendor Google
Product Web Designer
Versions Default: unaffected
  • affected from 0 to 14.2.2.0 (excl.)

References

Problem Types

  • CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE

Impacts

  • CAPEC-233 Privilege Escalation
  • CAPEC-165 File Manipulation