Skip to main content

Cornac

1 CVEs product

Monthly

CVE-2026-43637 HIGH PATCH This Week

Arbitrary file write in Cornac's dataset-download utility (all versions before 2.6.0) lets an attacker who controls a downloaded TAR archive place files anywhere the Python process can write, because the _extract_archive() helper in cornac/utils/download.py calls archive.extractall() without validating member paths. Since Cornac's built-in dataset loaders automatically fetch and unpack archives, a poisoned or MITM'd dataset archive containing ../ traversal, absolute paths, or symlink/hardlink entries can overwrite sensitive files and potentially achieve code execution. VulnCheck reported the issue; no public exploit identified at time of analysis and it is not in CISA KEV.

Path Traversal Cornac
NVD GitHub
CVSS 4.0
8.8
EPSS
0.4%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary file write in Cornac's dataset-download utility (all versions before 2.6.0) lets an attacker who controls a downloaded TAR archive place files anywhere the Python process can write, because the _extract_archive() helper in cornac/utils/download.py calls archive.extractall() without validating member paths. Since Cornac's built-in dataset loaders automatically fetch and unpack archives, a poisoned or MITM'd dataset archive containing ../ traversal, absolute paths, or symlink/hardlink entries can overwrite sensitive files and potentially achieve code execution. VulnCheck reported the issue; no public exploit identified at time of analysis and it is not in CISA KEV.

Path Traversal Cornac
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy