A vulnerability, which was classified as critical, was found in PreferredAI cornac up to 2.5.x. This issue affects the function
_extract_archive of the file cornac/utils/download.py of the component TAR Handler. Such manipulation of the argument path leads to path traversal.
This vulnerability is uniquely identified as CVE-2026-43637. The attack can be launched remotely. No exploit exists.