CVE-2026-12565
Gravedad CVSS v3.1:
MEDIA
Tipo:
CWE-22
Limitación incorrecta de nombre de ruta a un directorio restringido (Path Traversal)
Fecha de publicación:
17/06/2026
Última modificación:
22/06/2026
Descripción
*** Pendiente de traducción *** The unarchive internal module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behavior of external tools (e.g. GNU tar) which varies by platform. While CVE-2025-10284 addressed git-specific RCE vectors, the underlying archive extraction path traversal was never fixed. On systems with GNU tar
Impacto
Puntuación base 3.x
5.30
Gravedad 3.x
MEDIA



