VYPR
Medium severity5.9GHSA Advisory· Published May 26, 2026· Updated Jun 5, 2026

CVE-2026-44788

CVE-2026-44788

Description

SharpCompress is a fully managed C# library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory() allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be escalated to arbitrary file writes by chaining with a symlink entry, giving a full write primitive on the target filesystem subject to the permissions of the running process.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
SharpCompressNuGet
<= 0.47.4

Affected products

3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.