Tag

Zip-Archive

2 briefs RSS

Gotenberg Path Traversal Vulnerability via Windows-Style Separators in Zip Entry Name (CVE-2026-44829)

Gotenberg is vulnerable to path traversal (CVE-2026-44829) due to improper sanitization of filenames in zip archives, allowing attackers to write files outside the intended extraction directory by using Windows-style path separators (backslashes) in uploaded filenames, affecting versions up to 8.32.0.

gotenberg/gotenberg path-traversal zip-archive cve-2026-44829

2r 1t 3w ago

medium advisory

Weblate Path Traversal Vulnerability in ZIP Download Feature (CVE-2026-34242)

2 rules 2 TTPs 1 CVE

Weblate versions before 5.17 are vulnerable to path traversal due to improper verification of downloaded files in the ZIP download feature, potentially allowing attackers to access files outside the intended repository.

weblate path-traversal zip-archive cve-2026-34242

2r 2t 1c Apr 15, 2026