CVE-2026-22685 DevToys Path Traversal (“Zip Slip”) Vulnerability in DevToys Extension Installation

DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages NUPKG archives, DevToys does not sufficiently validate file paths contained within the...

CVE-2026-22685 DevToys Path Traversal (“Zip Slip”) Vulnerability in DevToys Extension Installation

DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages NUPKG archives, DevToys does not sufficiently validate file paths contained within the...

CVE-2026-22685

DevToys (desktop app) has a path traversal vulnerability in its extension installation for versions 2.0.0.0–2.0.8.x, where processing NUPKG archives does not validate file paths, allowing crafted entries like ../../…/target-file to write outside the intended extensions directory. This could overw...

DevToys 路径遍历漏洞

DevToys is a developer toolkit for DevToys open source. A path traversal vulnerability exists in DevToys version 2.0.0.0 through versions prior to 2.0.9.0, which stems from insufficient path validation in the extension installation mechanism, and could lead to arbitrary file overwriting and code...

PT-2026-2240

Name of the Vulnerable Software and Affected Versions DevToys versions 2.0.0.0 through 2.0.8.0 Description DevToys, a desktop application for developers, contains a path traversal flaw in its extension installation process. When handling extension packages NUPKG archives, the application...