CyberRota
← Ana sayfaya dön

CVE-2026-43637

CRITICAL · CVSS 9.1 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-15T14:18:10.793 · Çekilme zamanı: 2026-07-15T18:35:51.505738+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-43637
Severity
CRITICAL
CVSS
9.1
EPSS
Yok

Orijinal NVD Açıklaması

Cornac before 2.6.0 contains a path traversal (Tar Slip) vulnerability that allows attackers to write arbitrary files outside the intended cache directory by supplying a crafted TAR archive containing ../ sequences, absolute paths, or symlink/hardlink entries to the _extract_archive() function in cornac/utils/download.py. Attackers can trigger this vulnerability through the built-in dataset loaders, which automatically download and extract archives, causing archive.extractall() to write files to arbitrary locations on the filesystem accessible to the running process.