CVE-2026-3067 | HummerRisk up to 1.5.0 Archive Extraction CommandUtils.java extractTarGZ/extractZip path traversal

A vulnerability was found in HummerRisk up to 1.5.0. It has been rated as critical. This issue affects the function extractTarGZ/extractZip of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/CommandUtils.java of the component Archive Extraction. The manipulation leads to path traversal.

This vulnerability is uniquely identified as CVE-2026-3067. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3067 | HummerRisk up to 1.5.0 Archive Extraction CommandUtils.java extractTarGZ/extractZip path traversal

Post correlati

CVE-2024-35705 | Ciprian Popescu Block for Font Awesome Plugin up to 1.4.4 on WordPress cross site scripting

CVE-2023-4503 | eap-galleon http-invoker Privilege Escalation

CVE-2026-1110 | cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04 rtsp_parse_method buffer overflow

CVE-2025-12223 | Bdtask Flight Booking Software up to 3.1 Package Information /b2c/package-information unrestricted upload