=== CVE-2026-58165 Variant Reproduction === ROOT=/data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle PROJECT_CACHE_DIR=/data/pruva/project-cache/92b8f1e5-395e-41fd-8f92-ae0d5f2888dc REPO=/data/pruva/project-cache/92b8f1e5-395e-41fd-8f92-ae0d5f2888dc/repo LOG_FILE=/data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle/logs/vuln_variant/reproduction_steps.log go version go1.26.4 linux/amd64 Resolving commits... VULN_COMMIT=c2e6c8ee3da42321ef22442c8d25d0413caf4a4f ORIGINAL_FIX_COMMIT=3027fdffd3e57884487b7c46e5e669cfbc8becdf LATEST_COMMIT=45b5046f5259e685d7d99e54564c7e38eec9f1f7 Verifying patch presence... Original fixed commit contains enrollment_router.go patch. Vulnerable commit does not contain the expected patch. === Running variant vulnerable (c2e6c8ee3da42321ef22442c8d25d0413caf4a4f) === Previous HEAD position was 3027fdffd Prevent enrollment-based privilege escalation to admin identities. Fixes #4010 HEAD is now at c2e6c8ee3 Merge pull request #3917 from openziti/convert-router-forwarder Running go test... WARNING: vulnerable test exited non-zero; inspecting result file Result file: cat: /data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle/vuln_variant/vulnerable_result.json: No such file or directory (no result file) === Running variant original_fix (3027fdffd3e57884487b7c46e5e669cfbc8becdf) === Previous HEAD position was c2e6c8ee3 Merge pull request #3917 from openziti/convert-router-forwarder HEAD is now at 3027fdffd Prevent enrollment-based privilege escalation to admin identities. Fixes #4010 Running go test... WARNING: original_fix test exited non-zero; inspecting result file Result file: cat: /data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle/vuln_variant/original_fix_result.json: No such file or directory (no result file) === Running variant latest (45b5046f5259e685d7d99e54564c7e38eec9f1f7) === Previous HEAD position was 3027fdffd Prevent enrollment-based privilege escalation to admin identities. Fixes #4010 HEAD is now at 45b5046f5 fixes openziti/ziti#4071 unify router capabilities into one shared namespace (#4073) Running go test... WARNING: latest test exited non-zero; inspecting result file Result file: cat: /data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle/vuln_variant/latest_result.json: No such file or directory (no result file) jq: error: Could not open file /data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle/vuln_variant/vulnerable_result.json: No such file or directory === CVE-2026-58165 Variant Reproduction === ROOT=/data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle PROJECT_CACHE_DIR=/data/pruva/project-cache/92b8f1e5-395e-41fd-8f92-ae0d5f2888dc REPO=/data/pruva/project-cache/92b8f1e5-395e-41fd-8f92-ae0d5f2888dc/repo LOG_FILE=/data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle/logs/vuln_variant/reproduction_steps.log go version go1.26.4 linux/amd64 Resolving commits... VULN_COMMIT=c2e6c8ee3da42321ef22442c8d25d0413caf4a4f ORIGINAL_FIX_COMMIT=3027fdffd3e57884487b7c46e5e669cfbc8becdf LATEST_COMMIT=45b5046f5259e685d7d99e54564c7e38eec9f1f7 Verifying patch presence... Original fixed commit contains enrollment_router.go patch. Vulnerable commit does not contain the expected patch. === Running variant vulnerable (c2e6c8ee3da42321ef22442c8d25d0413caf4a4f) === HEAD is now at c2e6c8ee3 Merge pull request #3917 from openziti/convert-router-forwarder Running go test... WARNING: vulnerable test exited non-zero; inspecting result file Result file: { "admin_identity_id": "7af4uKZDRJ", "user_identity_id": "eah4uGlD7J", "admin_enrollment_id": "5NZtj71vdKqvF0eKqYdVIh", "variant_ott_ca_status": 201, "variant_ott_ca_blocked": false, "variant_updb_status": 201, "variant_updb_blocked": false, "variant_list_leak_leaked": false, "variant_list_leak_blocked": false, "variant_detail_status": 0, "variant_detail_blocked": false, "variant_refresh_status": 0, "variant_refresh_blocked": false, "variant_delete_status": 0, "variant_delete_blocked": false, "variant_residual_redeem_status": 0, "variant_residual_redeem_worked": false, "vulnerable": false, "fixed": false, "notes": "" } === Running variant original_fix (3027fdffd3e57884487b7c46e5e669cfbc8becdf) === Previous HEAD position was c2e6c8ee3 Merge pull request #3917 from openziti/convert-router-forwarder HEAD is now at 3027fdffd Prevent enrollment-based privilege escalation to admin identities. Fixes #4010 Running go test... WARNING: original_fix test exited non-zero; inspecting result file Result file: cat: /data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle/vuln_variant/original_fix_result.json: No such file or directory (no result file) === Running variant latest (45b5046f5259e685d7d99e54564c7e38eec9f1f7) === Previous HEAD position was 3027fdffd Prevent enrollment-based privilege escalation to admin identities. Fixes #4010 HEAD is now at 45b5046f5 fixes openziti/ziti#4071 unify router capabilities into one shared namespace (#4073) Running go test... WARNING: latest test exited non-zero; inspecting result file Result file: cat: /data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle/vuln_variant/latest_result.json: No such file or directory (no result file) jq: error: Could not open file /data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle/vuln_variant/original_fix_result.json: No such file or directory === CVE-2026-58165 Variant Reproduction === ROOT=/data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle PROJECT_CACHE_DIR=/data/pruva/project-cache/92b8f1e5-395e-41fd-8f92-ae0d5f2888dc REPO=/data/pruva/project-cache/92b8f1e5-395e-41fd-8f92-ae0d5f2888dc/repo LOG_FILE=/data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle/logs/vuln_variant/reproduction_steps.log go version go1.26.4 linux/amd64 Resolving commits... VULN_COMMIT=c2e6c8ee3da42321ef22442c8d25d0413caf4a4f ORIGINAL_FIX_COMMIT=3027fdffd3e57884487b7c46e5e669cfbc8becdf LATEST_COMMIT=45b5046f5259e685d7d99e54564c7e38eec9f1f7 Verifying patch presence... Original fixed commit contains enrollment_router.go patch. Vulnerable commit does not contain the expected patch. === Running variant vulnerable (c2e6c8ee3da42321ef22442c8d25d0413caf4a4f) === Previous HEAD position was 45b5046f5 fixes openziti/ziti#4071 unify router capabilities into one shared namespace (#4073) HEAD is now at c2e6c8ee3 Merge pull request #3917 from openziti/convert-router-forwarder Running go test... Result file: { "admin_identity_id": "0vEkqYr3vw", "user_identity_id": "4jEkJHruc", "admin_enrollment_id": "3FcfP3YQ4QY65eclUaTJXE", "variant_ott_ca_status": 201, "variant_ott_ca_blocked": false, "variant_updb_status": 201, "variant_updb_blocked": false, "variant_list_leak_leaked": true, "variant_list_leak_blocked": false, "variant_detail_status": 200, "variant_detail_blocked": false, "variant_refresh_status": 200, "variant_refresh_blocked": false, "variant_delete_status": 200, "variant_delete_blocked": false, "variant_residual_redeem_status": 404, "variant_residual_redeem_worked": false, "vulnerable": true, "fixed": false, "notes": "At least one variant succeeded, indicating incomplete patch coverage." } === Running variant original_fix (3027fdffd3e57884487b7c46e5e669cfbc8becdf) === Previous HEAD position was c2e6c8ee3 Merge pull request #3917 from openziti/convert-router-forwarder HEAD is now at 3027fdffd Prevent enrollment-based privilege escalation to admin identities. Fixes #4010 Running go test... WARNING: original_fix test exited non-zero; inspecting result file Result file: cat: /data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle/vuln_variant/original_fix_result.json: No such file or directory (no result file) === Running variant latest (45b5046f5259e685d7d99e54564c7e38eec9f1f7) === Previous HEAD position was 3027fdffd Prevent enrollment-based privilege escalation to admin identities. Fixes #4010 HEAD is now at 45b5046f5 fixes openziti/ziti#4071 unify router capabilities into one shared namespace (#4073) Running go test... WARNING: latest test exited non-zero; inspecting result file Result file: cat: /data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle/vuln_variant/latest_result.json: No such file or directory (no result file) jq: error: Could not open file /data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle/vuln_variant/original_fix_result.json: No such file or directory === CVE-2026-58165 Variant Reproduction === ROOT=/data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle PROJECT_CACHE_DIR=/data/pruva/project-cache/92b8f1e5-395e-41fd-8f92-ae0d5f2888dc REPO=/data/pruva/project-cache/92b8f1e5-395e-41fd-8f92-ae0d5f2888dc/repo LOG_FILE=/data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle/logs/vuln_variant/reproduction_steps.log go version go1.26.4 linux/amd64 Resolving commits... VULN_COMMIT=c2e6c8ee3da42321ef22442c8d25d0413caf4a4f ORIGINAL_FIX_COMMIT=3027fdffd3e57884487b7c46e5e669cfbc8becdf LATEST_COMMIT=45b5046f5259e685d7d99e54564c7e38eec9f1f7 Verifying patch presence... Original fixed commit contains enrollment_router.go patch. Vulnerable commit does not contain the expected patch. === Running variant vulnerable (c2e6c8ee3da42321ef22442c8d25d0413caf4a4f) === Previous HEAD position was 45b5046f5 fixes openziti/ziti#4071 unify router capabilities into one shared namespace (#4073) HEAD is now at c2e6c8ee3 Merge pull request #3917 from openziti/convert-router-forwarder Running go test... Result file: { "admin_identity_id": "cUbqp8sZw", "user_identity_id": "TrbqpgsZw", "admin_enrollment_id": "44L6u4OpNf68keub572hII", "variant_ott_ca_status": 201, "variant_ott_ca_blocked": false, "variant_updb_status": 201, "variant_updb_blocked": false, "variant_list_leak_leaked": true, "variant_list_leak_blocked": false, "variant_detail_status": 200, "variant_detail_blocked": false, "variant_refresh_status": 200, "variant_refresh_blocked": false, "variant_delete_status": 200, "variant_delete_blocked": false, "variant_residual_redeem_status": 404, "variant_residual_redeem_worked": false, "vulnerable": true, "fixed": false, "notes": "At least one variant succeeded, indicating incomplete patch coverage." } === Running variant original_fix (3027fdffd3e57884487b7c46e5e669cfbc8becdf) === Previous HEAD position was c2e6c8ee3 Merge pull request #3917 from openziti/convert-router-forwarder HEAD is now at 3027fdffd Prevent enrollment-based privilege escalation to admin identities. Fixes #4010 Running go test... Result file: { "admin_identity_id": "gyDfuyCfQ8", "user_identity_id": "747fuyNVQ", "admin_enrollment_id": "s0MoJyAY3wv5iACJLpB5k", "variant_ott_ca_status": 401, "variant_ott_ca_blocked": true, "variant_updb_status": 401, "variant_updb_blocked": true, "variant_list_leak_leaked": false, "variant_list_leak_blocked": true, "variant_detail_status": 401, "variant_detail_blocked": true, "variant_refresh_status": 401, "variant_refresh_blocked": true, "variant_delete_status": 401, "variant_delete_blocked": true, "variant_residual_redeem_status": 400, "variant_residual_redeem_worked": false, "vulnerable": false, "fixed": true, "notes": "All tested variants were blocked by the patch." } === Running variant latest (45b5046f5259e685d7d99e54564c7e38eec9f1f7) === Previous HEAD position was 3027fdffd Prevent enrollment-based privilege escalation to admin identities. Fixes #4010 HEAD is now at 45b5046f5 fixes openziti/ziti#4071 unify router capabilities into one shared namespace (#4073) Running go test... Result file: { "admin_identity_id": "pts5IyQeRH", "user_identity_id": "TnieIy25.H", "admin_enrollment_id": "48LCgT84oAMbnGreAKOFxS", "variant_ott_ca_status": 401, "variant_ott_ca_blocked": true, "variant_updb_status": 401, "variant_updb_blocked": true, "variant_list_leak_leaked": false, "variant_list_leak_blocked": true, "variant_detail_status": 401, "variant_detail_blocked": true, "variant_refresh_status": 401, "variant_refresh_blocked": true, "variant_delete_status": 401, "variant_delete_blocked": true, "variant_residual_redeem_status": 400, "variant_residual_redeem_worked": false, "vulnerable": false, "fixed": true, "notes": "All tested variants were blocked by the patch." } === Summary === Vulnerable commit: vulnerable=true Original fix commit: vulnerable=false Latest main commit: fixed=true CONFIRMED: variant works on vulnerable commit and is blocked on latest main. DONE === CVE-2026-58165 Variant Reproduction === ROOT=/data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle PROJECT_CACHE_DIR=/data/pruva/project-cache/92b8f1e5-395e-41fd-8f92-ae0d5f2888dc REPO=/data/pruva/project-cache/92b8f1e5-395e-41fd-8f92-ae0d5f2888dc/repo LOG_FILE=/data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle/logs/vuln_variant/reproduction_steps.log go version go1.26.4 linux/amd64 Resolving commits... VULN_COMMIT=c2e6c8ee3da42321ef22442c8d25d0413caf4a4f ORIGINAL_FIX_COMMIT=3027fdffd3e57884487b7c46e5e669cfbc8becdf LATEST_COMMIT=45b5046f5259e685d7d99e54564c7e38eec9f1f7 Verifying patch presence... Original fixed commit contains enrollment_router.go patch. Vulnerable commit does not contain the expected patch. === Running variant vulnerable (c2e6c8ee3da42321ef22442c8d25d0413caf4a4f) === Previous HEAD position was 45b5046f5 fixes openziti/ziti#4071 unify router capabilities into one shared namespace (#4073) HEAD is now at c2e6c8ee3 Merge pull request #3917 from openziti/convert-router-forwarder Running go test... Result file: { "admin_identity_id": "Qx.Po9BM8Y", "user_identity_id": "uws2C9BMA", "admin_enrollment_id": "1WRxPPKpmtWvWIpBVefXPX", "variant_ott_ca_status": 201, "variant_ott_ca_blocked": false, "variant_updb_status": 201, "variant_updb_blocked": false, "variant_list_leak_leaked": true, "variant_list_leak_blocked": false, "variant_detail_status": 200, "variant_detail_blocked": false, "variant_refresh_status": 200, "variant_refresh_blocked": false, "variant_delete_status": 200, "variant_delete_blocked": false, "variant_residual_redeem_status": 404, "variant_residual_redeem_worked": false, "vulnerable": true, "fixed": false, "notes": "At least one variant succeeded, indicating incomplete patch coverage." } === Running variant original_fix (3027fdffd3e57884487b7c46e5e669cfbc8becdf) === Previous HEAD position was c2e6c8ee3 Merge pull request #3917 from openziti/convert-router-forwarder HEAD is now at 3027fdffd Prevent enrollment-based privilege escalation to admin identities. Fixes #4010 Running go test... Result file: { "admin_identity_id": "5s8oWLvRe", "user_identity_id": "5YC4WTv9ZU", "admin_enrollment_id": "5mNJVlbKSJ0547rWjMr3Sn", "variant_ott_ca_status": 401, "variant_ott_ca_blocked": true, "variant_updb_status": 401, "variant_updb_blocked": true, "variant_list_leak_leaked": false, "variant_list_leak_blocked": true, "variant_detail_status": 401, "variant_detail_blocked": true, "variant_refresh_status": 401, "variant_refresh_blocked": true, "variant_delete_status": 401, "variant_delete_blocked": true, "variant_residual_redeem_status": 400, "variant_residual_redeem_worked": false, "vulnerable": false, "fixed": true, "notes": "All tested variants were blocked by the patch." } === Running variant latest (45b5046f5259e685d7d99e54564c7e38eec9f1f7) === Previous HEAD position was 3027fdffd Prevent enrollment-based privilege escalation to admin identities. Fixes #4010 HEAD is now at 45b5046f5 fixes openziti/ziti#4071 unify router capabilities into one shared namespace (#4073) Running go test... Result file: { "admin_identity_id": "tOfZ1yEi-j", "user_identity_id": "XOfK1yEsL7", "admin_enrollment_id": "7Xmuwl4kPibB963lRzbBsP", "variant_ott_ca_status": 401, "variant_ott_ca_blocked": true, "variant_updb_status": 401, "variant_updb_blocked": true, "variant_list_leak_leaked": false, "variant_list_leak_blocked": true, "variant_detail_status": 401, "variant_detail_blocked": true, "variant_refresh_status": 401, "variant_refresh_blocked": true, "variant_delete_status": 401, "variant_delete_blocked": true, "variant_residual_redeem_status": 400, "variant_residual_redeem_worked": false, "vulnerable": false, "fixed": true, "notes": "All tested variants were blocked by the patch." } === Summary === Vulnerable commit: vulnerable=true Original fix commit: vulnerable=false Latest main commit: fixed=true CONFIRMED: variant works on vulnerable commit and is blocked on latest main. DONE === CVE-2026-58165 Variant Reproduction === ROOT=/data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle PROJECT_CACHE_DIR=/data/pruva/project-cache/92b8f1e5-395e-41fd-8f92-ae0d5f2888dc REPO=/data/pruva/project-cache/92b8f1e5-395e-41fd-8f92-ae0d5f2888dc/repo LOG_FILE=/data/pruva/runs/d7f19659-5953-4321-a167-f693b707cbdb/bundle/logs/vuln_variant/reproduction_steps.log go version go1.26.4 linux/amd64 Resolving commits... VULN_COMMIT=c2e6c8ee3da42321ef22442c8d25d0413caf4a4f ORIGINAL_FIX_COMMIT=3027fdffd3e57884487b7c46e5e669cfbc8becdf LATEST_COMMIT=45b5046f5259e685d7d99e54564c7e38eec9f1f7 Verifying patch presence... Original fixed commit contains enrollment_router.go patch. Vulnerable commit does not contain the expected patch. === Running variant vulnerable (c2e6c8ee3da42321ef22442c8d25d0413caf4a4f) === Previous HEAD position was 3027fdffd Prevent enrollment-based privilege escalation to admin identities. Fixes #4010 HEAD is now at c2e6c8ee3 Merge pull request #3917 from openziti/convert-router-forwarder Running go test... Result file: { "admin_identity_id": "wXn7bK.zfH", "user_identity_id": "zog78K.Zo", "admin_enrollment_id": "14kHdl4FimQyK80PwYRyos", "variant_ott_ca_status": 201, "variant_ott_ca_blocked": false, "variant_updb_status": 201, "variant_updb_blocked": false, "variant_list_leak_leaked": true, "variant_list_leak_blocked": false, "variant_detail_status": 200, "variant_detail_blocked": false, "variant_refresh_status": 200, "variant_refresh_blocked": false, "variant_delete_status": 200, "variant_delete_blocked": false, "variant_residual_redeem_status": 404, "variant_residual_redeem_worked": false, "vulnerable": true, "fixed": false, "notes": "At least one variant succeeded, indicating incomplete patch coverage." } === Running variant original_fix (3027fdffd3e57884487b7c46e5e669cfbc8becdf) === Previous HEAD position was c2e6c8ee3 Merge pull request #3917 from openziti/convert-router-forwarder HEAD is now at 3027fdffd Prevent enrollment-based privilege escalation to admin identities. Fixes #4010 Running go test... Result file: { "admin_identity_id": "Jn41uUVJ2w", "user_identity_id": "N54hjU9tZG", "admin_enrollment_id": "3vd1acPZgrTMhj0zzpzPcU", "variant_ott_ca_status": 401, "variant_ott_ca_blocked": true, "variant_updb_status": 401, "variant_updb_blocked": true, "variant_list_leak_leaked": false, "variant_list_leak_blocked": true, "variant_detail_status": 401, "variant_detail_blocked": true, "variant_refresh_status": 401, "variant_refresh_blocked": true, "variant_delete_status": 401, "variant_delete_blocked": true, "variant_residual_redeem_status": 400, "variant_residual_redeem_worked": false, "vulnerable": false, "fixed": true, "notes": "All tested variants were blocked by the patch." } === Running variant latest (45b5046f5259e685d7d99e54564c7e38eec9f1f7) === Previous HEAD position was 3027fdffd Prevent enrollment-based privilege escalation to admin identities. Fixes #4010 HEAD is now at 45b5046f5 fixes openziti/ziti#4071 unify router capabilities into one shared namespace (#4073) Running go test... Result file: { "admin_identity_id": "ZNv34DeOo9", "user_identity_id": "i0vYnbe7o", "admin_enrollment_id": "5mLGKAaGxjNBP7mF18lIQ0", "variant_ott_ca_status": 401, "variant_ott_ca_blocked": true, "variant_updb_status": 401, "variant_updb_blocked": true, "variant_list_leak_leaked": false, "variant_list_leak_blocked": true, "variant_detail_status": 401, "variant_detail_blocked": true, "variant_refresh_status": 401, "variant_refresh_blocked": true, "variant_delete_status": 401, "variant_delete_blocked": true, "variant_residual_redeem_status": 400, "variant_residual_redeem_worked": false, "vulnerable": false, "fixed": true, "notes": "All tested variants were blocked by the patch." }Previous HEAD position was 45b5046f5 fixes openziti/ziti#4071 unify router capabilities into one shared namespace (#4073) HEAD is now at 3027fdffd Prevent enrollment-based privilege escalation to admin identities. Fixes #4010 === Summary === Vulnerable commit: vulnerable=true Original fix commit: vulnerable=false Latest main commit: fixed=true CONFIRMED: variant works on vulnerable commit and is blocked on latest main. DONE