CVE-2026-8387
Received - Intake

Path Traversal in ClearML Prior to 2.1.6

Vulnerability report for CVE-2026-8387, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: huntr.dev

Description

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows relative path traversal when `.zip` archives are extracted with `ZipFile.extractall()` in `StorageManager._extract_to_cache()`. Because member paths are not validated before extraction, a crafted archive can write files outside the cache directory, anywhere the ClearML process has write access. The attack surface is every code path that extracts a fetched archive: dataset downloads, artifact downloads, model downloads, and offline session imports. The arbitrary file write can be escalated to remote code execution by, for example, dropping a cron job, overwriting SSH keys, or planting a web shell. The issue is resolved in version 2.1.6.

Meta Information

Published: 2026-07-01
Last Modified: 2026-07-01
Generated: 2026-07-01
AI Q&A: 2026-07-01
EPSS Evaluated: N/A

Affected Vendors & Products

Vendor      Product   Version / Range
allegroai   clearml   up to and including 1.16.5

Exploitability

CWE-23 (Relative Path Traversal): The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

Executive Summary

CVE-2026-8387 is a path traversal vulnerability in allegroai/clearml versions up to 1.16.5. It occurs when extracting .zip archives using the ZipFile.extractall() method in the StorageManager._extract_to_cache() function. Because the software does not properly validate file paths during extraction, an attacker can craft malicious archive files that write files outside the intended extraction directory.

Because the write happens with the permissions of the ClearML process performing the extraction, an attacker can place files anywhere that process can write, which can be escalated to remote code execution by injecting cron jobs, overwriting SSH keys, or deploying web shells.

The vulnerability was fixed in version 2.1.6 by refactoring the archive extraction logic to validate file paths before extraction and prevent path traversal and symlink escape attempts.

Impact Analysis

This vulnerability can have serious impacts including unauthorized file writes on your system, which can lead to remote code execution.

  • An attacker could inject malicious cron jobs to execute arbitrary commands on your system.
  • They could overwrite SSH keys, potentially allowing unauthorized access.
  • Deployment of web shells could allow persistent remote control over your system.

Detection Guidance

Detecting exploitation means spotting path-traversal (and symlink-escape) members in the ZIP or TAR archives ClearML extracts, ideally before extraction happens. The fixed ClearML codebase includes functions such as `flag_path_traversal_vulnerability` and `flag_symlink_escape_vulnerability` that perform these checks; the same logic can be applied as a pre-extraction audit on installs that have not yet been upgraded.

No detection commands are given in the linked resources. On the host, the practical signal is file writes outside the expected cache or extraction directories during dataset, artifact, or model downloads and offline session imports; file-integrity or audit-log monitoring on cron directories, `~/.ssh`, and web roots covers the escalation paths listed above.

Reviewing logs of extraction operations and checking for files written outside the intended cache or extraction directories can also reveal exploitation after the fact.

Mitigation Strategies

The primary mitigation is to upgrade allegroai/clearml to version 2.1.6 or later, where the archive extraction logic was refactored to validate member paths before extraction and to reject path traversal and symlink escape.

Until the upgrade is applied, do not pull datasets, artifacts, or models, or import offline sessions, from sources you do not control with a vulnerable version, since each of these triggers archive extraction. Where an archive must be used, audit it for `..` components, absolute paths, and symlink or hardlink targets that resolve outside the extraction directory before letting ClearML extract it.

Monitor for file writes outside the expected directories, and run the ClearML process under a least-privilege account whose write access excludes cron directories, SSH key locations, and web roots, so that an arbitrary file write cannot reach the escalation targets named above.
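The Executive Summary describes the flaw, the Detection Guidance asks for path-traversal and symlink-escape checks on ZIP and TAR members, and the Mitigation Strategies section says to audit archives before extracting them. The block below is an added example, not ClearML's code and not the `flag_path_traversal_vulnerability` / `flag_symlink_escape_vulnerability` functions the fixed release is said to contain: an archive audit that resolves every member name, symlink target and hardlink target against the intended extraction directory before anything is written, plus a guarded extractor that refuses a flagged archive. The function names, the `(member, reason)` findings format, the notional root `/cache/extract` and the sample archives (built in memory, with a `../` member, an absolute member, a symlink to `/etc` and a hardlink to `../../etc/passwd`) are all this example's own choices.

```python
"""Archive audit and guarded extraction for ZIP and TAR files.
Added example, not ClearML's own code: function names, the (member, reason)
findings format and the constructed sample archives are this example's own.
Flags '..' or absolute member names, symlinks/hardlinks whose target resolves
outside the root, and members written through an earlier symlink member."""
import io
import os
import stat
import tarfile
import tempfile
import zipfile


def _under(root, path):
    # True if *path* resolves inside *root*; neither has to exist on disk.
    root = os.path.realpath(root)
    return os.path.commonpath([root, os.path.realpath(path)]) == root


def _members(data, kind):
    """Yield (name, link_kind, link_target); for zip symlinks the stored bytes are the target."""
    if kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                sym = stat.S_ISLNK(info.external_attr >> 16)  # POSIX mode bits
                yield info.filename, "sym" if sym else None, zf.read(info).decode() if sym else None
    else:
        with tarfile.open(fileobj=io.BytesIO(data)) as tf:
            for m in tf.getmembers():
                lk = "sym" if m.issym() else "hard" if m.islnk() else None
                yield m.name, lk, m.linkname if lk else None


def audit_archive(data, kind, root="/cache/extract"):
    """Return [(member, reason), ...]; [] means clean.  *root* is only used to resolve names."""
    findings, symlinks = [], set()
    for name, link_kind, target in _members(data, kind):
        norm = name.replace("\\", "/").rstrip("/")        # Windows-built archives
        if not _under(root, os.path.join(root, norm)):    # '..' or absolute name
            findings.append((name, "path traversal: resolves outside root"))
        # an ancestor that is an earlier symlink member redirects this write
        ancestors = {norm.rsplit("/", i)[0] for i in range(1, norm.count("/") + 1)}
        if ancestors & symlinks:
            findings.append((name, "writes through a symlink member"))
        if link_kind == "sym":
            symlinks.add(norm)
            # relative targets resolve from the link's directory; absolute ones replace the join
            link_dir = os.path.dirname(os.path.join(root, norm))
            if not _under(root, os.path.join(link_dir, target)):
                findings.append((name, f"symlink escape: -> {target}"))
        elif link_kind == "hard" and not _under(root, os.path.join(root, target)):
            findings.append((name, f"hardlink escape: -> {target}"))
    return findings


def safe_extract(data, kind, target):
    """Audit first; extract only a clean archive.  Returns the member names."""
    findings = audit_archive(data, kind, target)
    if findings:
        raise ValueError(f"refusing to extract: {findings}")
    if kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            zf.extractall(target)
            return zf.namelist()
    with tarfile.open(fileobj=io.BytesIO(data)) as tf:
        try:
            tf.extractall(target, filter="data")  # second line of defence (3.12+ and backports)
        except TypeError:                         # interpreter without the filter argument
            tf.extractall(target)
        return tf.getnames()


def _zip_of(entries):
    """Constructed sample zip; entry = (name, body) or (name, ('sym', target))."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries:
            info, sym = zipfile.ZipInfo(name), isinstance(body, tuple)
            info.external_attr = ((stat.S_IFLNK | 0o777) if sym else (stat.S_IFREG | 0o644)) << 16
            zf.writestr(info, body[1] if sym else body)
    return buf.getvalue()


def _tar_of(entries):
    """Constructed sample tar; entry = (name, body) or (name, ('sym'|'hard', target))."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, body in entries:
            ti = tarfile.TarInfo(name)
            if isinstance(body, tuple):
                ti.type, ti.linkname = {"sym": tarfile.SYMTYPE, "hard": tarfile.LNKTYPE}[body[0]], body[1]
                tf.addfile(ti)
            else:
                ti.size = len(body.encode())
                tf.addfile(ti, io.BytesIO(body.encode()))
    return buf.getvalue()


def demo():
    """Audit the constructed samples; returns {label: findings}."""
    cron = "* * * * * root id\n"
    samples = {
        "clean-zip": ("zip", _zip_of([("data/train.csv", "id,label\n1,cat\n")])),
        "zip-dotdot": ("zip", _zip_of([("../../escaped.txt", "outside the cache\n")])),
        "zip-symlink": ("zip", _zip_of([("data/link", ("sym", "/etc")), ("data/link/cron.d/job", cron)])),
        "tar-abs-and-hardlink": ("tar", _tar_of([("/etc/cron.d/job", cron), ("passwd_copy", ("hard", "../../etc/passwd"))])),
    }
    return {label: audit_archive(data, kind) for label, (kind, data) in samples.items()}


def extract_clean_sample():
    """Extract the clean sample into a scratch directory; returns what landed on disk."""
    target = tempfile.mkdtemp()
    safe_extract(_zip_of([("data/train.csv", "id,label\n1,cat\n")]), "zip", target)
    return sorted(os.path.relpath(os.path.join(d, f), target)
                  for d, _, files in os.walk(target) for f in files)
```

`audit_archive()` takes the raw bytes and `"zip"` or `"tar"`, so it can be run on a downloaded dataset, artifact or model archive before ClearML's own extraction; a non-empty result is the signal the Detection Guidance asks for. The symlink-then-write check matters because a per-name check alone passes `data/link/cron.d/job` once `data/link` has been created as a link to `/etc`. Note that CPython's own `zipfile` strips leading separators and `..` components on extraction and never creates symlinks, while `tarfile.extractall()` without a `filter` argument (the default before Python 3.14) honours both, which is why the extractor also passes `filter="data"` where the interpreter supports it.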

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
