VYPR

app-framework-main

by AGL

CVEs (1)

  • CVE-2026-37531 · Cri · May 1, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    AGL app-framework-main through 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename function in wgtpkg-zip.c validates ZIP entry names but does not check for dot…