MEDIUM
adamhathcock
CVE published 2026-05-26
CVE-2026-44788
## Summary SharpCompress versions 0.47.4 and earlier contain a path traversal vulnerability in `IArchive.WriteToDirectory()` that allows malicious archives to create directories outside the intended extraction root. For TAR archives, this can be chained with symlink entries to achieve arbitrary file writes on the target filesystem.