Path Traversal Vulnerability in Appium's ZIP Extraction Implementation
CVE-2026-30973
6.5MEDIUM
What is CVE-2026-30973?
Appium's automation framework is susceptible to a path traversal issue in the ZIP extraction functionality within the @appium/support package. The vulnerability, arising from a non-functional check in the extraction implementation, permits malicious ZIP entries containing '../' path components to potentially overwrite files outside of the specified directory. This flaw affects all JavaScript-based extractions, making it critical to update to version 7.0.6 where the issue is resolved. Users are advised to patch their installations to maintain security and data integrity.
Affected Version(s)
support < 7.0.6
