Compressing

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-24884 HIGH POC PATCH This Week

Compressing library versions 1.10.3 and prior, and 2.0.0 fail to validate symbolic link targets during TAR archive extraction, allowing attackers to write files to arbitrary locations on the filesystem. Public exploit code exists for this vulnerability, which could enable overwriting critical system files or establishing persistence. Patched versions 1.10.4 and 2.0.1 are available.

Path Traversal Compressing

NVD GitHub

CVSS 3.1

8.4

EPSS

0.0%

CVE-2026-24884

EPSS 0% CVSS 8.4

HIGH POC PATCH This Week

Compressing library versions 1.10.3 and prior, and 2.0.0 fail to validate symbolic link targets during TAR archive extraction, allowing attackers to write files to arbitrary locations on the filesystem. Public exploit code exists for this vulnerability, which could enable overwriting critical system files or establishing persistence. Patched versions 1.10.4 and 2.0.1 are available.

Path Traversal Compressing

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy