A vulnerability was found in Apache Ivy up to 2.5.3. It has been rated as critical. Affected is an unknown function of the component PackagerResolver. Performing a manipulation results in path traversal.

This vulnerability was named CVE-2026-26032. The attack needs to be approached within the local network. There is no available exploit.

Upgrading the affected component is advised.