Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-6c8g-7p36-r338 | SharpCompress has directory traversal via directory entries in WriteToDirectory (zip slip variant) |
Fri, 05 Jun 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:adamhathcock:sharpcompress:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Sharpcompress Project
Sharpcompress Project sharpcompress |
Wed, 03 Jun 2026 02:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Sharpcompress Project
Sharpcompress Project sharpcompress |
|
| CPEs | cpe:2.3:a:sharpcompress_project:sharpcompress:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Sharpcompress Project
Sharpcompress Project sharpcompress |
Wed, 27 May 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 27 May 2026 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Adamhathcock
Adamhathcock sharpcompress |
|
| Vendors & Products |
Adamhathcock
Adamhathcock sharpcompress |
Tue, 26 May 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | SharpCompress is a fully managed C# library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory() allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be escalated to arbitrary file writes by chaining with a symlink entry, giving a full write primitive on the target filesystem subject to the permissions of the running process. | |
| Title | SharpCompress: Directory traversal via directory entries in WriteToDirectory (zip slip variant) | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-05-27T12:46:16.036Z
Reserved: 2026-05-07T19:20:44.691Z
Link: CVE-2026-44788
Updated: 2026-05-27T12:46:01.510Z
Status : Analyzed
Published: 2026-05-26T22:16:42.587
Modified: 2026-06-17T10:51:20.107
Link: CVE-2026-44788
No data.
OpenCVE Enrichment
Updated: 2026-05-27T10:08:11Z
Github GHSA