CVE-2026-43637 in cornacinformación

Resumen

por MITRE • 2026-07-15

Cornac before 2.6.0 contains a path traversal (Tar Slip) vulnerability that allows attackers to write arbitrary files outside the intended cache directory by supplying a crafted TAR archive containing ../ sequences, absolute paths, or symlink/hardlink entries to the _extract_archive() function in cornac/utils/download.py. Attackers can trigger this vulnerability through the built-in dataset loaders, which automatically download and extract archives, causing archive.extractall() to write files to arbitrary locations on the filesystem accessible to the running process.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsable

VulnCheck

Reservar

2026-05-01

Divulgación

2026-07-15

Moderación

aceptado

Artículo

VDB-379263

CPE

listo

EPSS

0.00000

KEV

no

Actividades

muy bajo

Fuentes

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!