16 matches found

RedhatCVE
added 2026/04/20 7:23 p.m. | 6 views

CVE-2026-40491

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...

7.8 CVSS | 5.9 AI score | 0.00575 EPSS
Exploits: 1 | References: 1

NVD
added 2026/04/18 3:16 a.m. | 3 views

CVE-2026-40491

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...

7.8 CVSS | 0.00575 EPSS
Exploits: 1 | References: 3

OSV
added 2026/04/18 3:16 a.m. | 4 views

DEBIAN-CVE-2026-40491

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...

7.8 CVSS | 5.8 AI score | 0.00575 EPSS
Exploits: 1 | References: 1

OSV
added 2026/04/18 3:16 a.m. | 3 views

UBUNTU-CVE-2026-40491

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...

7.8 CVSS | 5.9 AI score | 0.00575 EPSS
Exploits: 1 | References: 3

ATTACKERKB
added 2026/04/18 1:36 a.m. | 4 views

CVE-2026-40491

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...

6.5 CVSS | 5.9 AI score | 0.00575 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2026/04/18 1:36 a.m. | 17 views

CVE-2026-40491

CVE-2026-40491 affects the gdown library (Python) prior to 5.2.2. A path traversal flaw in the extractall function fails to sanitize archive member filenames, allowing files to be written outside the destination directory and potentially enabling arbitrary file overwrite and Remote Code Execution...

7.8 CVSS | 5.9 AI score | 0.00575 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

EUVD
added 2026/04/18 1:36 a.m. | 2 views

EUVD-2026-23642

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...

6.5 CVSS | 5.9 AI score | 0.00575 EPSS
Exploits: 1 | References: 3

Vulnrichment
added 2026/04/18 1:36 a.m. | 5 views

CVE-2026-40491 gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...

6.5 CVSS | 5.9 AI score | 0.00575 EPSS
Exploits: 1 | References: 3

Cvelist
added 2026/04/18 1:36 a.m. | 30 views

CVE-2026-40491 gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...

6.5 CVSS | 0.00575 EPSS
Exploits: 1 | References: 3

CNNVD
added 2026/04/18 12:00 a.m. | 6 views

gdown security vulnerability

gdown is a Google Drive file download tool developed by Kentaro Wada. Versions of gdown prior to 5.2.2 contained security vulnerabilities; these vulnerabilities stemmed from the extractall function’s path traversal vulnerability, which could lead to arbitrary file overwriting and remote code...

7.8 CVSS | 6.3 AI score | 0.00575 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2026/04/18 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-40491

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. Wh...

7.8 CVSS | 6 AI score | 0.00575 EPSS
Exploits: 1 | References: 3

vulnersOsv
added 2026/04/14 1:11 a.m. | 3 views

accutuning-helpers (>=1.0.32 <=1.0.33), adaptnlp (>=0.3.0 <=0.3.7) +239 more potentially affected by CVE-2026-40491 via gdown (>=3.11.0 <=5.2.1)

gdown PYPI version =3.11.0, =1.0.32, =0.3.0, =0.0.0, =0.2.0, =0.0.2, =1.14.0, =0.4.0, =0.1.1, =0.0.1, =1.2.14 and more Source cves: CVE-2026-40491 Source advisory: OSV:GHSA-76HW-P97H-883F...

7.8 CVSS | 5.8 AI score | 0.00575 EPSS
Exploits: 1

Github Security Blog
added 2026/04/14 1:11 a.m. | 3 views

gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall

Summary: The gdown library tested on v5.2.1 is vulnerable to a Path Traversal attack within its extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members. This allows files to be written outside...

7.8 CVSS | 6 AI score | 0.00575 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

vulnersOsv
added 2026/04/14 1:11 a.m. | 7 views

adversarial-insight-ml (=0.2.1), aiagents4pharma (>=0.0.0 <=1.49.1) +92 more potentially affected by CVE-2026-40491 via gdown (>=5.0.0 <=5.2.1)

gdown PYPI version =5.0.0, =0.0.0, =0.2.3, =0.4.0, =0.0.1, =0.2.2, =1.8.1, =0.2.1, =0.1.1, =0.0.1, =0.2.1 and more Source cves: CVE-2026-40491 Source advisory: SNYK:PYTHON-GDOWN-16540585...

7.8 CVSS | 5.8 AI score | 0.00575 EPSS
Exploits: 1

OSV
added 2026/04/14 1:11 a.m. | 1 view

GHSA-76HW-P97H-883F gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall

Summary: The gdown library tested on v5.2.1 is vulnerable to a Path Traversal attack within its extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members. This allows files to be written outside...

6.5 CVSS | 6 AI score | 0.00575 EPSS
Exploits: 1 | References: 5

Positive Technologies
added 2026/04/14 12:00 a.m. | 4 views

PT-2026-33220

Name of the Vulnerable Software and Affected Versions: gdown versions prior to 5.2.2. Description: A Path Traversal issue exists within the extractall function in the gdown/extractall.py file. The software fails to sanitize or validate the filenames of members within ZIP or TAR archives during...

7.8 CVSS | 6 AI score | 0.00575 EPSS
Exploits: 1 | References: 14