CVE-2026-24909

Summary

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction.

Affected Software

VendorProductVersion RangeStatus
vltvlt0 < 1.0.0-rc.10affected

Weaknesses

  • CWE-23: CWE-23 Relative Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References