Medium severity5.9GHSA Advisory· Published May 26, 2026· Updated Jun 5, 2026
CVE-2026-44788
CVE-2026-44788
Description
SharpCompress is a fully managed C# library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory() allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be escalated to arbitrary file writes by chaining with a symlink entry, giving a full write primitive on the target filesystem subject to the permissions of the running process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
SharpCompressNuGet | <= 0.47.4 | — |
Affected products
3<= 0.47.4+ 1 more
- (no CPE)range: <= 0.47.4
- cpe:2.3:a:adamhathcock:sharpcompress:*:*:*:*:*:*:*:*range: <=0.47.4
Patches
Vulnerability mechanics
References
2- github.com/adamhathcock/sharpcompress/security/advisories/GHSA-6c8g-7p36-r338nvdExploitMitigationVendor AdvisoryWEB
- github.com/advisories/GHSA-6c8g-7p36-r338ghsaADVISORY
News mentions
0No linked articles in our index yet.