MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download
Description
MONAI (Medical Open Network for AI) is an AI toolkit for healthcare imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's _download_from_ngc_private() function. The function unpacks the downloaded bundle archive with zipfile.ZipFile.extractall() and performs no validation of archive member paths against the extraction directory, whereas the other, similar download functions in the same codebase route members through the existing safe_extract_member() function. Commit 4014c8475626f20f158921ae0cf98ed259ae4d59 fixes this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| monai (PyPI) | < 1.5.2 | 1.5.2 |
Affected products
- Range: 0.1.0, 0.1.0rc1, 0.1.0rc2, …
Patches
4014c8475626 Fix Zip Slip vulnerability in NGC private bundle download (#8682)
1 file changed · +3 −5
monai/bundle/scripts.py+3 −5 modified@@ -17,7 +17,6 @@ import re import urllib import warnings -import zipfile from collections.abc import Mapping, Sequence from functools import partial from pathlib import Path @@ -30,7 +29,7 @@ from torch.cuda import is_available from monai._version import get_versions -from monai.apps.utils import _basename, download_url, extractall, get_logger +from monai.apps.utils import _basename, _extract_zip, download_url, extractall, get_logger from monai.bundle.config_parser import ConfigParser from monai.bundle.utils import DEFAULT_INFERENCE, DEFAULT_METADATA, merge_kv from monai.bundle.workflows import BundleWorkflow, ConfigWorkflow @@ -288,9 +287,8 @@ def _download_from_ngc_private( if remove_prefix: filename = _remove_ngc_prefix(filename, prefix=remove_prefix) extract_path = download_path / f"(unknown)" - with zipfile.ZipFile(zip_path, "r") as z: - z.extractall(extract_path) - logger.info(f"Writing into directory: {extract_path}.") + _extract_zip(zip_path, extract_path) + logger.info(f"Writing into directory: {extract_path}.") def _get_ngc_token(api_key, retry=0):
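Review bot: the `-import zipfile` deletion in the first hunk assumes `_download_from_ngc_private` was the only user of the module in monai/bundle/scripts.py; nothing in this diff shows any other `zipfile.` reference being rewritten, so confirm with a grep of scripts.py before merging, since a leftover use would now fail at call time rather than at import.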
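Review bot: the import hunk pulls in `_extract_zip` from monai.apps.utils, but the advisory text credits `safe_extract_member()` and the patch never shows the helper's body, so the diff on its own does not demonstrate that member paths are validated; link the definition of `_extract_zip` in the PR description and add a regression test that feeds an archive containing a `../` member. Note also that importing the leading-underscore `_extract_zip` across modules turns a private helper into part of scripts.py's contract, which argues for either a public name or a docstring stating the traversal guarantee.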
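Review bot: in the `_download_from_ngc_private` hunk, `logger.info(f"Writing into directory: {extract_path}.")` is re-emitted after `_extract_zip(zip_path, extract_path)` has returned, so the message describes work that is already finished (the removed lines had the same ordering, but this hunk touches the line); log before the call or reword it to "Extracted into". If `_extract_zip` rejects a hostile member by raising, consider wrapping the call so the error names the bundle and the NGC source, since that rejection is the new code path this fix introduces.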
Vulnerability mechanics
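The description above says the vulnerable function handed archive members to extractall() with no path check, while the rest of the code base routes them through safe_extract_member(). What follows is an added example written for this page, not MONAI's code: it builds a constructed two-entry archive whose second member is named with `../` components, extracts it once with a naive join-and-write loop, which drops the file two directories above the extraction root, and once through a per-member check that resolves every name against the destination and rejects the whole archive before anything is written. The names build_hostile_zip, naive_extract, member_target, member_escapes, checked_extract and ZipSlipError are hypothetical.

```python
"""Zip Slip walk-through: a hostile archive member against a naive extractor
and against a per-member path check.

Added example for this advisory page; it is not MONAI code, and the names
build_hostile_zip, naive_extract, member_target, member_escapes,
checked_extract and ZipSlipError are hypothetical.
"""
import os
import tempfile
import zipfile
from pathlib import Path


class ZipSlipError(ValueError):
    """An archive member would land outside the extraction directory."""


def build_hostile_zip(zip_path: Path) -> None:
    """Write a constructed two-entry archive: one benign bundle file and one
    member whose name climbs two levels above the extraction root."""
    with zipfile.ZipFile(zip_path, "w") as z:
        z.writestr("bundle/configs/metadata.json", '{"name": "demo"}\n')
        z.writestr("../../planted.txt", "written outside the bundle dir\n")


def naive_extract(zip_path: Path, dest: Path) -> list[Path]:
    """Join each member name onto dest and write it, with no check.
    This is the pattern Zip Slip exploits: '..' survives the join."""
    written = []
    with zipfile.ZipFile(zip_path) as z:
        for info in z.infolist():
            out = dest / info.filename
            out.parent.mkdir(parents=True, exist_ok=True)
            out.write_bytes(z.read(info))
            written.append(out.resolve())
    return written


def member_target(dest, name: str) -> Path:
    """Resolve a member name against dest and refuse anything that escapes.
    Both sides are fully resolved, so '..' at any depth, absolute names and
    names routed through a symlink inside dest all fail the same test."""
    base = Path(dest).resolve()
    target = (base / name).resolve()
    try:
        common = os.path.commonpath([str(base), str(target)])
    except ValueError:  # different drives on Windows: cannot be inside base
        common = None
    if common != str(base):
        raise ZipSlipError(f"archive member {name!r} resolves outside {base}")
    return target


def member_escapes(dest, name: str) -> bool:
    """True when member_target() would reject the name."""
    try:
        member_target(dest, name)
    except ZipSlipError:
        return True
    return False


def checked_extract(zip_path: Path, dest: Path) -> list[Path]:
    """Validate every member before writing the first byte, so a hostile
    archive is rejected whole instead of leaving a half-extracted bundle."""
    with zipfile.ZipFile(zip_path) as z:
        infos = z.infolist()
        targets = [member_target(dest, info.filename) for info in infos]
        for info, target in zip(infos, targets):
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(z.read(info))
    return targets


def demo() -> dict:
    """Run both extractors on the constructed archive inside a scratch
    directory and report where the hostile member ended up."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        zip_path = root / "bundle.zip"
        build_hostile_zip(zip_path)

        naive_dest = root / "naive" / "extract"
        naive_dest.mkdir(parents=True)
        written = naive_extract(zip_path, naive_dest)
        # Anything not under naive_dest after resolution has escaped.
        escaped = [p for p in written if naive_dest.resolve() not in p.parents]

        checked_dest = root / "checked" / "extract"
        checked_dest.mkdir(parents=True)
        try:
            checked_extract(zip_path, checked_dest)
            rejected = False
        except ZipSlipError:
            rejected = True

        return {
            "escaped": [p.name for p in escaped],
            # naive/extract/../../planted.txt collapses to <root>/planted.txt
            "planted_at_root": (root / "planted.txt").is_file(),
            "checked_rejected": rejected,
            "checked_wrote_anything": any(checked_dest.iterdir()),
        }


if __name__ == "__main__":
    print(demo())
```

Validating all members before writing the first one matters for a bundle download: a rejected archive leaves nothing behind, so the caller does not have to clean up a partially unpacked model. One caveat worth knowing when reasoning about this class of bug in Python: CPython's own zipfile.ZipFile.extractall() strips leading separators and `..` components from member names before writing, so the archive above would land inside extract_path there; an explicit check like member_target() is still the right contract because it fails loudly on a hostile archive rather than silently renaming its entries, and it does not depend on which zip implementation or interpreter version happens to be in use.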
References
- github.com/advisories/GHSA-9rg3-9pvr-6p27 (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-21851 (NVD entry)
- github.com/Project-MONAI/MONAI/commit/4014c8475626f20f158921ae0cf98ed259ae4d59 (fix commit)
- github.com/Project-MONAI/MONAI/security/advisories/GHSA-9rg3-9pvr-6p27 (vendor advisory)