MEDIUM
kevva
CVE published 2026-06-05
CVE-2026-10732
CVE-2026-10732 is a vulnerability in the decompress package that allows for arbitrary file writes via archive extraction (Zip Slip). An attacker can write arbitrary files on the host filesystem, potentially leading to remote code execution, by providing a specially crafted ZIP archive. This vulnerability bypasses all existing path traversal protections, including preventWritingThroughSymlink, added as par [truncated]