CVE-2026-24909

Publication date

2026-01-27 22:14:37

Family

mitre

State

PUBLISHED

Description

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction.