CVE-2026-32885 | DDEV up to 1.25.1 pkg/archive/archive.go Untar/Unzip path traversal (GHSA-x2xq-qhjf-5mvg)

Inserito da Angelo Barbosa | Apr 22, 2026 | CVE

A vulnerability was found in DDEV up to 1.25.1. It has been rated as critical. This affects the function Untar/Unzip of the file pkg/archive/archive.go. Performing a manipulation results in path traversal.

This vulnerability is reported as CVE-2026-32885. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is advised.

CVE-2026-32885 | DDEV up to 1.25.1 pkg/archive/archive.go Untar/Unzip path traversal (GHSA-x2xq-qhjf-5mvg)

Post correlati

CVE-2024-24842 | Knowledge Base for Documentation, FAQs with AI Assistance Plugin is_article_recently_viewed code injection

CVE-2025-7488 | JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 /file/download Name path traversal (Issue 18)

CVE-2023-49707 | joomlart S5 Register Module up to 3.0.0 on Joomla sql injection

CVE-2024-4503 | Ruijie RG-UAC up to 20240428 dhcp_relay_commit.php interface_from os command injection