CVE-2026-44705 tmp: Path Traversal via unsanitized prefix/postfix enables directory escape

tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal sequences e.g., ....

PT-2026-48678

tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'....

GHSA-PH9P-34F9-6G65 tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape

Summary The tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal sequences e.g., ../ or path separators in these parameters, attackers can cause file...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via unsanitized input in the prefix, postfix, or dir parameters during path construction. An attacker can create files outside the intended temporary directory, potentially overwriting or placing files in sensitive...