{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/data-science/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.1,"id":"CVE-2026-43637"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Cornac \u003c 2.6.0"],"_cs_severities":["high"],"_cs_tags":["vulnerability","path-traversal","tar-slip","data-science","python"],"_cs_type":"advisory","_cs_vendors":["Cornac"],"content_html":"\u003cp\u003eCVE-2026-43637 details a critical path traversal vulnerability, also known as 'Tar Slip', affecting Cornac versions prior to 2.6.0. Attackers can exploit this by crafting a malicious TAR archive that includes path manipulation sequences such as \u003ccode\u003e../\u003c/code\u003e (dot-dot-slash), absolute paths, or symbolic/hard links. When Cornac's built-in dataset loaders automatically download and extract such an archive, the \u003ccode\u003e_extract_archive()\u003c/code\u003e function within \u003ccode\u003ecornac/utils/download.py\u003c/code\u003e invokes \u003ccode\u003earchive.extractall()\u003c/code\u003e, which fails to properly sanitize these paths. This flaw allows the attacker to write arbitrary files to locations on the filesystem accessible to the running Cornac process, bypassing the intended cache directory restrictions. The vulnerability has a CVSS v3.1 base score of 9.1, indicating a high severity risk due to the potential for significant system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker creates a malicious TAR archive containing files with path traversal sequences (e.g., \u003ccode\u003e../../etc/evil.sh\u003c/code\u003e, \u003ccode\u003e/usr/local/bin/backdoor\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe malicious TAR archive is distributed or made accessible to a system running a vulnerable version of Cornac.\u003c/li\u003e\n\u003cli\u003eA Cornac application, utilizing built-in dataset loaders, initiates a process to download and extract a dataset archive.\u003c/li\u003e\n\u003cli\u003eThe malicious TAR archive is downloaded and supplied to Cornac's \u003ccode\u003e_extract_archive()\u003c/code\u003e function for processing.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003earchive.extractall()\u003c/code\u003e method is invoked on the malicious archive without proper validation of file paths within the archive.\u003c/li\u003e\n\u003cli\u003eDue to the path traversal vulnerability, files from the archive are written by the Cornac process to arbitrary locations on the filesystem, outside the intended cache directory.\u003c/li\u003e\n\u003cli\u003eSuccessful exploitation can lead to overwriting critical system files, planting malicious executables, achieving persistence, or potentially leading to remote code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-43637 allows an attacker to perform arbitrary file writes on the host system, which can have severe consequences. Depending on the attacker's objectives and the privileges of the Cornac process, this can lead to system compromise, data corruption, privilege escalation, or even remote code execution. Overwriting or creating files in critical system directories could render the system inoperable, facilitate persistent access, or allow the execution of attacker-controlled code. The high CVSS score of 9.1 reflects the critical nature of this vulnerability, indicating potential for complete loss of confidentiality, integrity, and availability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-43637 immediately by upgrading Cornac to version 2.6.0 or later on all affected systems.\u003c/li\u003e\n\u003cli\u003eMonitor process creation logs for unexpected file write operations, especially those originating from Cornac processes, to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement file integrity monitoring on critical system directories and executables to detect unauthorized modifications that could result from arbitrary file writes.\u003c/li\u003e\n\u003cli\u003eRestrict the permissions of user accounts running Cornac applications to the minimum necessary to limit the potential impact of file write vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-15T14:42:17Z","date_published":"2026-07-15T14:42:17Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cornac-tar-slip-cve-2026-43637/","summary":"A path traversal vulnerability, dubbed 'Tar Slip' and tracked as CVE-2026-43637, exists in Cornac versions prior to 2.6.0, allowing attackers to write arbitrary files outside the intended cache directory by supplying a specially crafted TAR archive containing path manipulation sequences, which is then processed by built-in dataset loaders.","title":"Cornac Tar Slip Vulnerability Allows Arbitrary File Writes via Path Traversal (CVE-2026-43637)","url":"https://feed.craftedsignal.io/briefs/2026-07-cornac-tar-slip-cve-2026-43637/"}],"language":"en","title":"CraftedSignal Threat Feed - Data-Science","version":"https://jsonfeed.org/version/1.1"}