CVE-2026-44695: Archive Manifest Path Traversal
Constructing file paths by joining an untrusted property from an array/iterable (such as an archive manifest) can lead to Path Traversal vulnerabilities if the property contains characters like `../`. When these paths are passed to filesystem read operations, it results in arbitrary file read. Iterate and extract buffer streams securely instead of writing un
TSgreprules fetch cve-2026-44695-archive-manifest-path-traversal --engine opengrepDescription
Constructing file paths by joining an untrusted property from an array/iterable (such as an archive manifest) can lead to Path Traversal vulnerabilities if the property contains characters like `../`. When these paths are passed to filesystem read operations, it results in arbitrary file read. Iterate and extract buffer streams securely instead of writing un
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0