PatchSiren

max-mapper CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH max-mapper CVE published 2026-06-26

CVE-2026-56876

CVE-2026-56876 is a HIGH severity vulnerability in extract-zip due to a lack of symlink target validation when extracting zip archives. This issue allows an attacker to create symlinks with relative paths that can point outside the extraction directory. Depending on how extract-zip is used, an attacker could read or write to arbitrary files. The vulnerability was published on June 26, 2026, and last modif [truncated]