EUVD-2026-10497

🗓️ 10 Mar 2026 18:31:22Reported by EUVDType

ZIP archives can escape extraction during Vaadin Node.js download; upgrade affected versions or preinstall.

Reporter	Title	Published	Views	Family All 17
ATTACKERKB	CVE-2026-2741	10 Mar 202612:08	–	attackerkb
CNNVD	vaadin 安全漏洞	10 Mar 202600:00	–	cnnvd
CVE	CVE-2026-2741	10 Mar 202612:08	–	cve
Cvelist	CVE-2026-2741 Zip Slip Path Traversal on Node Unpack	10 Mar 202612:08	–	cvelist
EUVD	EUVD-2026-10496	10 Mar 202618:31	–	euvd
Github Security Blog	Vaadin: Specially crafted ZIP archives can escape the intended extraction directory	10 Mar 202618:31	–	github
NVD	CVE-2026-2741	10 Mar 202618:18	–	nvd
OSV	CVE-2026-2741	10 Mar 202618:18	–	osv
OSV	GHSA-8JRH-7JG8-FVMV Vaadin: Specially crafted ZIP archives can escape the intended extraction directory	10 Mar 202618:31	–	osv
Positive Technologies	PT-2026-24205	10 Mar 202600:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "d50e3207-5434-3c74-9cab-ca8c0e90025f",
        "vendor": {
          "name": "Vaadin"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "027442f7-7580-3d36-bc3d-228291483cc9",
        "product": {
          "name": "Flow"
        },
        "product_version": "25.0.0 ≤25.0.2"
      },
      {
        "id": "110bf517-2c92-3c2d-af09-9acd97ebd8ca",
        "product": {
          "name": "Flow"
        },
        "product_version": "14.2.0 ≤14.14.0"
      },
      {
        "id": "26d2d9eb-eb32-3ee2-9b43-5667e17804ff",
        "product": {
          "name": "Flow"
        },
        "product_version": "24.0.0 ≤24.9.8"
      },
      {
        "id": "76ce4040-3f4b-3998-9b53-7f5cc77cd74f",
        "product": {
          "name": "Flow"
        },
        "product_version": "23.0.0 ≤23.6.6"
      }
    ]
  }
]

Source	Link
vaadin	www.vaadin.com/security/cve-2026-2741
github	www.github.com/vaadin/flow/pull/23125
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-2741
github	www.github.com/vaadin/flow/pull/23130
github	www.github.com/vaadin/flow/pull/23131
github	www.github.com/vaadin/flow/pull/23133
github	www.github.com/vaadin/flow/pull/23135

10 Mar 2026 18:31Current

5.8Medium risk

Vulners AI Score5.8

CVSS 42.3

EPSS0.00342

SSVC