Path Traversal Vulnerability in SharpCompress Library Affects Multiple Versions
CVE-2026-44788

5.9MEDIUM

Key Information:

Vendor: Adamhathcock
Status: Sharpcompress
Vendor: CVE Published:; 26 May 2026

🔔 Create Adamhathcock Vulnerability Alert

What is CVE-2026-44788?

The SharpCompress library, which is designed for handling various compression types and formats, has a path traversal flaw in its IArchive.WriteToDirectory() method. This vulnerability allows a crafted archive to create directories outside the designated extraction path. Particularly with TAR archives, it can escalate to arbitrary file writes by utilizing a symlink entry, potentially granting malicious actors complete write permissions on the target filesystem based on the permissions of the executing process.

Affected Version(s)

sharpcompress <= 0.47.4

References

https://github.com/adamhathcock/sharpcompress/security/ad...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-44788 Data

JSON