CVE-2026-44885: Archive Directory Traversal Slip

Potential Tar/Zip Slip vulnerability. Extracting archive entry names into `filepath.Join` or `path.Join` can lead to directory traversal. Use securely bounded join functions.

Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0

Go^β

greprules fetch cve-2026-44885-archive-directory-traversal-slip --engine opengrep

Description

Potential Tar/Zip Slip vulnerability. Extracting archive entry names into `filepath.Join` or `path.Join` can lead to directory traversal. Use securely bounded join functions.

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Quality signals: 145 downloads
0 direct145 via packs
· 0 stars · Quality score 81How quality works
Included packs: 2 packs

Community feedback

0 signals from signed-in users.

Useful: 0
False positive: 0
Metadata: 0