Path Traversal Vulnerability in Rclone Command-Line Tool
CVE-2026-59732
5MEDIUM
What is CVE-2026-59732?
The vulnerability in Rclone, a command-line tool for syncing files across various cloud storage services, allows users to extract files from crafted archives to unintended directories. Specifically, prior to version 1.74.4, the 'archive extract' feature could be manipulated via parent path components (e.g., '../') in the archive file, potentially leading to the creation or overwriting of files in neighbouring directory structures within the same storage scope. This issue poses significant data integrity risks, highlighting the importance of updating to the secured version to mitigate potential exploitation.
Affected Version(s)
rclone < 1.74.4
