CyberRota
← Ana sayfaya dön

CVE-2026-12565

MEDIUM · CVSS 5.3 EPSS %0.21 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-17T23:17:02.970 · Çekilme zamanı: 2026-06-30T12:26:00.385039+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

GitHub PoC Linkleri
github.com

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-12565
Severity
MEDIUM
CVSS
5.3
EPSS
%0.21
Ubuntu Debian Docker

Orijinal NVD Açıklaması

The unarchive internal module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behavior of external tools (e.g. GNU tar) which varies by platform. While CVE-2025-10284 addressed git-specific RCE vectors, the underlying archive extraction path traversal was never fixed. On systems with GNU tar < 1.34 (Ubuntu 20.04, Debian Buster, CentOS 7, many Docker base images), a malicious archive can write files outside the intended extraction directory.