MEDIUM
Black Lantern Security
CVE published 2026-06-17
CVE-2026-12565
CVE-2026-12565 is a medium-severity path traversal vulnerability in the unarchive internal module's archive extraction commands. The vulnerability allows a malicious archive to write files outside the intended extraction directory on systems with GNU tar < 1.34, such as Ubuntu 20.04, Debian Buster, and CentOS 7. This issue was not fully addressed by CVE-2025-10284, which only fixed git-specific RCE vector [truncated]