CVE-2026-44788
Path Traversal and Arbitrary File Write in SharpCompress
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sharpcompress | sharpcompress | up to and including 0.47.4 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the SharpCompress library, a C# library used for handling various compression formats. In versions 0.47.4 and earlier, there is a path traversal flaw in the IArchive.WriteToDirectory() function. This flaw allows a maliciously crafted archive to create directories outside the intended extraction folder.
For TAR archives specifically, this vulnerability can be exploited further by chaining it with a symbolic link entry, enabling arbitrary file writes on the target filesystem. The ability to write files depends on the permissions of the process running the extraction.
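The containment check that the flaw described above bypasses can be sketched as follows. This is an added example, not SharpCompress code or its fix: `SafeExtract` and `ResolveEntry` are hypothetical names, only .NET base-class-library calls are used, and .NET 6 or later is assumed.

```csharp
using System;
using System.IO;

static class SafeExtract
{
    // Returns the absolute write path for an entry, or null if it must be refused.
    public static string? ResolveEntry(string root, string entryName)
    {
        char sep = Path.DirectorySeparatorChar;
        string fullRoot = Path.GetFullPath(root).TrimEnd(sep) + sep;
        // GetFullPath collapses ".." segments; an absolute entryName replaces
        // fullRoot in Combine and then fails the prefix test below.
        string fullDest = Path.GetFullPath(Path.Combine(fullRoot, entryName));
        var cmp = OperatingSystem.IsWindows()
            ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal;
        // Trailing separator on both sides so "/out-evil" never matches "/out".
        if (!(fullDest.TrimEnd(sep) + sep).StartsWith(fullRoot, cmp)) return null;

        // Refuse to write through a link that already exists below the root,
        // the on-disk state a TAR symlink entry leaves behind for a later entry.
        string current = fullRoot;
        string relative = Path.GetRelativePath(fullRoot, fullDest);
        foreach (string part in relative.Split(sep, StringSplitOptions.RemoveEmptyEntries))
        {
            current = Path.Combine(current, part);
            // LinkTarget is non-null for symlinks, including dangling ones.
            if (new FileInfo(current).LinkTarget != null) return null;
        }
        return fullDest;
    }

    static void Main()
    {
        // Constructed sandbox: an extraction root plus a directory outside it.
        string root = Path.Combine(Path.GetTempPath(), "extract-" + Guid.NewGuid().ToString("N"));
        string outside = root + "-outside";
        Directory.CreateDirectory(root);
        Directory.CreateDirectory(outside);
        // Constructed link inside the root pointing outside it (on Windows this
        // call needs Developer Mode or an elevated process).
        Directory.CreateSymbolicLink(Path.Combine(root, "link"), outside);
        // Constructed entry names, not taken from a real archive.
        string[] names = { "docs/readme.txt", "../escape.txt", "docs/../../escape.txt", "link/payload.txt" };
        foreach (string name in names)
            Console.WriteLine($"{name,-22} {(ResolveEntry(root, name) is null ? "REFUSED" : "ok")}");
        Directory.Delete(root, recursive: true);
        Directory.Delete(outside);
    }
}
```

The link check reflects the filesystem at the moment it runs, so it belongs immediately before each write, including directory creation, and the extraction directory should not be writable by other users while extraction is in progress.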
How can this vulnerability impact me?
This vulnerability can lead to unauthorized file creation or modification outside the intended extraction directory. An attacker could potentially overwrite critical system or application files if the process has sufficient permissions.
Such unauthorized writes could compromise system integrity, lead to privilege escalation, or enable further attacks by placing malicious files on the system.