CVE-2026-44882: Archive Targz Go Cwe 000 Cve 2026 44882
Path traversal vulnerability (TarSlip/ZipSlip) when extracting archives. Extracting files from an archive (tar or zip) without validating the target path can lead to writing files outside the intended base directory. The standard library 'filepath.Join' evaluates '../' directory traversal sequences natively and does not guard against escaping the target dire
greprules fetch cve-2026-44882-archive-targz-go-cwe-000-cve-2026-44882 --engine opengrepDescription
Path traversal vulnerability (TarSlip/ZipSlip) when extracting archives. Extracting files from an archive (tar or zip) without validating the target path can lead to writing files outside the intended base directory. The standard library 'filepath.Join' evaluates '../' directory traversal sequences natively and does not guard against escaping the target dire
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.