🔐 CVE Alert

CVE-2026-61371

HIGH 7.5
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th

Microsoft AVML before 0.17.0 could follow a symlink when opening a destination output path on Unix, allowing truncation/overwrite of the symlink target. The destructive effect is performed at open-time via O_TRUNC, and can happen before full input validation completes (“truncation-before-validation”).

Vendor n/a
Product n/a
Published Jul 15, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new high vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a
n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗
github.com: https://github.com/microsoft/avml/pull/754 github.com: https://github.com/microsoft/avml/releases/tag/v0.17.0 gist.github.com: https://gist.github.com/thesmartshadow/2d099071f847de8db3dc4bbaf4dfa6df