CVE-2026-41082

Published: Apr 16, 2026 Last Modified: Apr 16, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,3
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: high
Availability: low

Description

AI Translation Available

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.

24

Path Traversal: '../filedir'

Incomplete
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity
Potential Impacts:
Read Files Or Directories Modify Files Or Directories
Applicable Platforms
All platforms may be affected
View CWE Details
https://github.com/ocaml/opam/pull/6897
https://github.com/ocaml/opam/pull/6897
https://github.com/ocaml/opam/releases/tag/2.5.1
https://github.com/ocaml/opam/releases/tag/2.5.1