dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

CVE-2026-48129

Kestra is an open-source, event-driven orchestration platform. Prior to versions 1.3.19, 1.2.19, 1.1.19, and 1.0.43, Kestra task inputFiles writes rendered file names directly under the task working directory. When a flow forwards untrusted execution or webhook data into an inputFiles file name, ...

EUVD-2026-37866

SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations...

CVE-2026-40987

CVE-2026-40987 affects Spring Integration across multiple tracked branches (7.0.0–7.0.4, 6.5.0–6.5.8, 6.4.0–6.4.11, 6.3.0–6.3.14, 5.5.0–5.5.20). The connected documents describe a vulnerability where a malicious or compromised FTP/SFTP/SMB server can cause the client to write arbitrary files anyw...

SUSE CVE-2026-7774

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

CVE-2026-44307

A flaw was found in Mako, a Python template library. A remote attacker could exploit a directory traversal vulnerability by crafting a Uniform Resource Identifier URI with backslash traversal. This bypasses security checks, allowing the attacker to read files outside the intended template...

CVE-2026-10732

All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and the second being a regular file - the file content is writte...

PT-2026-49599

Impact skillctl 0.1.0 and 0.1.1 contained four path-safety vulnerabilities that, in combination, allowed an attacker to: 1. Exfiltrate arbitrary files on the operator's machine by publishing a malicious skills library containing a symlink inside a skill folder e.g. niania →...

CVE-2026-7774

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

CVE-2026-7774

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

CVE-2026-7774

The CVE-2026-7774 entry concerns tarfile.data_filter in Python's tarfile handling. Crafted link entries, including symlinks with empty or directory-like names, can bypass checks to cause tarfile.extractall() to write files outside the intended extraction directory, limited by the extractor's perm...

Linux Distros Unpatched Vulnerability : CVE-2026-7774

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outsid...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : tar-fs vulnerabilities (USN-8367-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8367-1 advisory. It was discovered that tar-fs did not properly limit paths when extracting crafted tar files. An attacker could possibly use this iss...

CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

Path Traversal

lsfusion.platform, web-client is vulnerable to Path Traversal. The vulnerability is due to improper validation of the sid argument in the UploadFileRequestHandler component, which allows a remote attacker to perform path traversal by manipulating the parameter and accessing files outside the...

CVE-2026-45403

Summary of CVE-2026-45403 : AnythingLLM’s agent filesystem copy tool (prior to v1.13.0) validates only the top-level source/destination. The recursive copy helper traverses child entries with fs.stat() and copies via fs.copyFile() without validating each child or rejecting symlinks. A symlink ins...

PT-2026-44118

Name of the Vulnerable Software and Affected Versions Microsoft UFO version 3.0.1-4-ge2626659 Description Microsoft UFO is an open-source framework for intelligent automation across devices and platforms. The software uses the user-controlled task name value directly when constructing session log...

UBUNTU-CVE-2026-42496

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular...

CVE-2026-42497

Archive::Tar for Perl versions before 3.08 contains a path traversal via hardlinks: _make_special_file() passes the tar header linkname to link() without validating absolute paths or .. segments, allowing a hardlink to attacker-controlled targets outside the extraction directory. A follow-up writ...

CVE-2026-42496 Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular...