CVE-2026-43637
Cornac < 2.6.0 Path Traversal via _extract_archive() in download.py
CVSS Score
9.1
EPSS Score
0.0%
EPSS Percentile
0th
Cornac before 2.6.0 contains a path traversal (Tar Slip) vulnerability that allows attackers to write arbitrary files outside the intended cache directory by supplying a crafted TAR archive containing ../ sequences, absolute paths, or symlink/hardlink entries to the _extract_archive() function in cornac/utils/download.py. Attackers can trigger this vulnerability through the built-in dataset loaders, which automatically download and extract archives, causing archive.extractall() to write files to arbitrary locations on the filesystem accessible to the running process.
| CWE | CWE-22 |
| Vendor | preferredai |
| Product | cornac |
| Published | Jul 15, 2026 |
| Last Updated | Jul 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for preferredai cornac
Be the first to know when new critical vulnerabilities affecting preferredai cornac are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High
Affected Versions
PreferredAI / cornac
0 < 2.6.0
References
github.com: https://github.com/PreferredAI/cornac/releases/tag/v2.6.0 github.com: https://github.com/PreferredAI/cornac/pull/709 github.com: https://github.com/PreferredAI/cornac/commit/8a50be72c11569b6747c6b96d6e31a0a1962f1a8 vulncheck.com: https://www.vulncheck.com/advisories/cornac-path-traversal-via-extract-archive-in-download-py
Credits
Rahul Karne Bharath Kumar Reddy Janumpally VulnCheck