CVE-2026-22685 DevToys Path Traversal (“Zip Slip”) Vulnerability in DevToys Extension Installation

DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages NUPKG archives, DevToys does not sufficiently validate file paths contained within the...

CVE-2026-22685

CVE-2026-22685 describes a path traversal vulnerability in DevToys versions 2.0.0.0–2.0.8.x (before 2.0.9.0) affecting the extension installation mechanism. When processing NUPKG extension archives, the product does not adequately validate archive file paths, enabling crafted entries like ../../…...

CVE-2026-22685 DevToys Path Traversal (“Zip Slip”) Vulnerability in DevToys Extension Installation

DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages NUPKG archives, DevToys does not sufficiently validate file paths contained within the...

PT-2026-2240

Name of the Vulnerable Software and Affected Versions DevToys versions 2.0.0.0 through 2.0.8.0 Description DevToys, a desktop application for developers, contains a path traversal flaw in its extension installation process. When handling extension packages NUPKG archives, the application...

DevToys 路径遍历漏洞

DevToys is a developer toolkit for DevToys open source. A path traversal vulnerability exists in DevToys version 2.0.0.0 through versions prior to 2.0.9.0, which stems from insufficient path validation in the extension installation mechanism, and could lead to arbitrary file overwriting and code...