Tag
A path traversal vulnerability, dubbed 'Tar Slip' and tracked as CVE-2026-43637, exists in Cornac versions prior to 2.6.0, allowing attackers to write arbitrary files outside the intended cache directory by supplying a specially crafted TAR archive containing path manipulation sequences, which is then processed by built-in dataset loaders.