CVE-2026-44788
EUVD-2026-3201326.05.2026, 22:16
SharpCompress is a fully managed C# library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory() allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be escalated to arbitrary file writes by chaining with a symlink entry, giving a full write primitive on the target filesystem subject to the permissions of the running process.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| adamhathcock | sharpcompress | 𝑥 ≤ 0.47.4 |
𝑥
= Vulnerable software versions