CVE-2026-43637 in cornacИнформация

Сводка

по MITRE • 15.07.2026

Cornac before 2.6.0 contains a path traversal (Tar Slip) vulnerability that allows attackers to write arbitrary files outside the intended cache directory by supplying a crafted TAR archive containing ../ sequences, absolute paths, or symlink/hardlink entries to the _extract_archive() function in cornac/utils/download.py. Attackers can trigger this vulnerability through the built-in dataset loaders, which automatically download and extract archives, causing archive.extractall() to write files to arbitrary locations on the filesystem accessible to the running process.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Ответственный

VulnCheck

Резервировать

01.05.2026

Раскрытие

15.07.2026

Модерация

принято

Вход

VDB-379263

EPSS

0.00000

KEV

Нет

Деятельности

Очень низкий

Источники

Want to stay up to date on a daily basis?

Enable the mail alert feature now!