ReportizFlow
Filtered by vendor Max-mapper
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-56876 | 1 Max-mapper | 1 Extract-zip | 2026-06-29 | 8.1 High |
| extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory. Depending on how extract-zip is used, an attacker could read or write to arbitrary files. | ||||
Page 1 of 1.