What the vulnerability does
01Description
vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction.
CVSS base score
5.9/10
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
Key dates
02Disclosure timeline
January 27, 2026
CVE published
January 28, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2023-47613
CVE-2022-20755 Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
CVE-2023-35816
CVE-2025-48817 Remote Desktop Client Remote Code Execution Vulnerability
CVE-2024-54461 Unsanitized Filenames in Flutter package file_selector_android Allow File Overwrites
