CVE-2026-40491 in gdownजानकारी

सारांश

द्वारा MITRE • 18/04/2026

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members. This allow files to be written outside the intended destination directory, potentially leading to arbitrary file overwrite and Remote Code Execution (RCE). Version 5.2.2 contains a fix.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

जिम्मेदार

GitHub M

आरक्षित करना

13/04/2026

प्रकटीकरण

18/04/2026

संयम

स्वीकृत

प्रविष्टि

VDB-358148

CPE

तैयार

CWE

CWE-22 (पुष्टि की गई)

CVSS

6.5 (CNA)

EPSS

0.00077

KEV

नहीं

गतिविधियाँ

बहुत कम

स्रोत

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-40491
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-40491
CVE Details	https://www.cvedetails.com/cve/CVE-2026-40491/

◂ पिछला सिंहावलोकन अगला ▸

Might our Artificial Intelligence support you?

Check our Alexa App!