PatchSiren cyber security CVE debrief
CVE-2026-41082 OCaml CVE debrief
CVE-2026-41082 is a HIGH-severity vulnerability in opam, the package manager for OCaml. A .install field can use ../ to reach a parent directory, which could potentially be used to overwrite files or directories outside of the intended installation location.
- Vendor: OCaml
- Product: opam
- CVSS: HIGH 7.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-16
- Original CVE updated: 2026-06-15
- Advisory published: 2026-04-16
- Advisory updated: 2026-06-15
Who should care
Users of OCaml opam before version 2.5.1 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by the ability to use ../ in a .install field, which can be used to reach a parent directory. This could potentially be used to overwrite files or directories outside of the intended installation location.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to OCaml opam version 2.5.1 or later.
- Review and validate .install files to ensure they do not use ../ to reach parent directories.
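One way to carry out the review step above, as an added example (not opam's own code and not part of the original advisory): a Python check that lists every path in a .install file containing a .. component, conservatively covering both source and destination paths. It assumes a simplified reading of the .install syntax (field names, quoted paths, an optional destination in braces); the function names and the sample file are constructed for illustration.

```python
import re

# Simplified tokenizer (an assumption, not opam's parser): field names,
# double-quoted paths, and the braces that wrap an optional destination.
TOKEN_RE = re.compile(
    r'(?P<field>[A-Za-z_]+)\s*:|"(?P<path>(?:[^"\\]|\\.)*)"|(?P<brace>[{}])'
)

# Constructed sample, not taken from any real package.
SAMPLE = """\
bin: [
  "_build/install/default/bin/tool" {"tool"}
]
lib: [
  "_build/install/default/lib/demo/META" {"META"}
  "payload.txt" {"../../outside/payload.txt"}
]
doc: [
  "?docs/README.md" {"..notes/README.md"}
]
"""

def has_parent_ref(path):
    """True if any component of the path is exactly '..'."""
    return ".." in re.split(r"[\\/]+", path)

def find_parent_refs(text):
    """Return (field, role, path) for each path with a '..' component."""
    text = re.sub(r"(?m)^\s*#.*$", "", text)  # drop whole-line comments
    findings, field, in_braces = [], None, False
    for tok in TOKEN_RE.finditer(text):
        if tok.group("field"):
            field = tok.group("field")
        elif tok.group("brace"):
            in_braces = tok.group("brace") == "{"
        elif tok.group("path") is not None:
            role = "dst" if in_braces else "src"
            path = tok.group("path")
            if role == "src":
                # A leading '?' marks an optional source file, not part of the path.
                path = path.lstrip("?")
            if has_parent_ref(path):
                findings.append((field, role, path))
    return findings

if __name__ == "__main__":
    for field, role, path in find_parent_refs(SAMPLE):
        print(f"{field}: {role} path contains '..': {path}")
```

Names that merely begin with two dots, such as ..notes, are not reported; only a component that is exactly .. is.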
Evidence notes
The CVE record and NVD detail pages provide additional information about this vulnerability.
Official resources
- CVE-2026-41082 CVE record (CVE.org)
- CVE-2026-41082 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference (af854a3a-2127-422b-91ae-364da2661108)
CVE-2026-41082 was published on 2026-04-16T18:16:45.980Z and modified on 2026-06-15T20:16:27.800Z.