Summary
A path traversal vulnerability in IArchive.WriteToDirectory() allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be escalated to arbitrary file writes by chaining with a symlink entry, giving a full write primitive on the target filesystem subject to the permissions of the running process.
Details
The vulnerable code is in the directory-entry branch of WriteToDirectoryInternal (sync, IArchiveExtensions.cs:48–61) and WriteToDirectoryAsyncInternal (async, IAsyncArchiveExtensions.cs:70–84):
```csharp
var dirPath = Path.Combine(destinationDirectory, entry.Key);
Directory.CreateDirectory(Path.GetDirectoryName(dirPath + "/"));
```
No Path.GetFullPath() normalisation and no bounds check are applied before the Directory.CreateDirectory call. Two .NET Path.Combine behaviours make this exploitable:
- Relative traversal: Path.Combine("/safe/extract", "../../evil") → the OS resolves the .. segments on the raw path, placing the directory outside the extraction root.
- Absolute path override: Path.Combine("/safe/extract", "/tmp/evil") → returns "/tmp/evil"; the base is discarded entirely for rooted paths.
File entries are not directly affected: they route through ExtractionMethods.WriteEntryToDirectory, which applies the correct guard (GetFullPath + StartsWith, see ExtractionMethods.cs:54–65). The directory-entry branch is a separate fast path that was added without that guard.
Affected archive formats: ZIP and TAR (non-solid). Solid archives and 7-Zip use the reader path which calls the secure method.
Escalation to arbitrary file writes (TAR only)
Path.GetFullPath on .NET does not resolve symlinks; it only normalises . and .. segments. This means the file-entry guard in ExtractionMethods.WriteEntryToDirectory can be bypassed via symlink chaining in TAR archives when the caller supplies a SymbolicLinkHandler:
```csharp
archive.WriteToDirectory("/safe/extract", new ExtractionOptions
{
    ExtractFullPath = true,
    SymbolicLinkHandler = (linkPath, linkTarget) =>
        File.CreateSymbolicLink(linkPath, linkTarget) // naive, no validation of linkTarget
});
```
Attack sequence in a single TAR archive:
1. Symlink entry `link → ../evil_outside/`. The SymbolicLinkHandler creates /safe/extract/link pointing outside the extraction root.
2. File entry `link/secret.txt`. ExtractionMethods.WriteEntryToDirectory computes destdir = Path.GetFullPath("/safe/extract/link") → "/safe/extract/link", which is textually inside the root, so the check passes ✓. File.Open("/safe/extract/link/secret.txt") then follows the symlink at the OS level and the file is written to /evil_outside/secret.txt.
The library does not validate linkTarget before passing it to the caller's handler, and the XML docs do not warn that it may be a traversal path. The idiomatic handler implementation above is therefore silently exploitable.
ZIP does not support symlinks in SharpCompress (ZipEntry.LinkTarget always returns null), so this escalation is TAR-only.
| Attack | ZIP | TAR |
|---|---|---|
| Directory traversal (escape extraction root) | Yes | Yes |
| Escalate to arbitrary file writes via symlink chain | No | Yes (if caller provides SymbolicLinkHandler) |
Recommended fix: apply the same pattern from ExtractionMethods.WriteEntryToDirectory to both affected files:
```csharp
var fullDestDir = Path.GetFullPath(destinationDirectory);
if (!fullDestDir.EndsWith(Path.DirectorySeparatorChar))
    fullDestDir += Path.DirectorySeparatorChar;
var dirPath = Path.GetFullPath(Path.Combine(fullDestDir, entry.Key));
if (!dirPath.StartsWith(fullDestDir, PathComparison))
    throw new ExtractionException(
        "Entry is trying to create a directory outside of the destination directory.");
Directory.CreateDirectory(dirPath);
```
Additionally, the library should validate LinkTarget before invoking the caller's SymbolicLinkHandler, or document clearly that callers must validate it themselves.
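Until a fixed release is published, the guard above can be applied on the caller's side. The following is an added example, not SharpCompress code: it pre-validates every entry key before calling WriteToDirectory (closing the unguarded directory fast path) and validates each symlink target relative to the link's own directory (closing the TAR symlink chain), which is the interim mitigation the remediation advice below describes. It assumes the IArchive.Entries, entry.Key, entry.LinkTarget and ArchiveFactory.Open names and the two-argument SymbolicLinkHandler delegate shown on this page.

```csharp
using System;
using System.IO;
using System.Linq;
using SharpCompress.Archives;   // IArchive, ArchiveFactory (assumed API names)
using SharpCompress.Common;     // ExtractionOptions
// Added caller-side guard, not SharpCompress code; works on unpatched 0.47.4.
static class SafeExtract
{
    // Same GetFullPath + StartsWith guard the file-entry path already applies.
    // GetFullPath normalises "." and ".." only; it never follows symlinks.
    public static string ResolveInside(string root, string relative)
    {
        var fullRoot = Path.GetFullPath(root);
        if (!fullRoot.EndsWith(Path.DirectorySeparatorChar))
            fullRoot += Path.DirectorySeparatorChar;
        var candidate = Path.GetFullPath(Path.Combine(fullRoot, relative));
        var cmp = OperatingSystem.IsWindows()
            ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal;
        if (!candidate.StartsWith(fullRoot, cmp))
            throw new InvalidOperationException(
                $"Entry '{relative}' resolves outside '{fullRoot}'.");
        return candidate;
    }
    public static void Extract(string archivePath, string destination)
    {
        // Require an empty destination: a pre-existing symlink inside it could
        // redirect a textually-inside path, which GetFullPath cannot detect.
        Directory.CreateDirectory(destination);
        if (Directory.EnumerateFileSystemEntries(destination).Any())
            throw new InvalidOperationException("Destination must be empty.");
        using var archive = ArchiveFactory.Open(archivePath);
        // Pre-flight: reject every entry key that escapes, which covers the
        // unguarded directory fast path (../../x/ and /tmp/x/ both fail here).
        foreach (var entry in archive.Entries)
            ResolveInside(destination, entry.Key ?? string.Empty);
        archive.WriteToDirectory(destination, new ExtractionOptions
        {
            ExtractFullPath = true,
            // Symlink targets are relative to the link's own directory; rooted
            // targets and ".." escapes both fail ResolveInside before creation.
            SymbolicLinkHandler = (linkPath, linkTarget) =>
            {
                var linkDir = Path.GetDirectoryName(linkPath) ?? destination;
                ResolveInside(destination, Path.Combine(linkDir, linkTarget));
                File.CreateSymbolicLink(linkPath, linkTarget);
            }
        });
    }
}
```

Because GetFullPath is purely textual, the empty-destination requirement is what keeps a link created earlier in the same archive (already validated to stay inside the root) from being the only way a later path resolves.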
PoC
A self-contained .NET console app is available at: https://github.com/svenclaesson/poc-sharpcompress-traversal
```sh
git clone https://github.com/svenclaesson/poc-sharpcompress-traversal
cd poc-sharpcompress-traversal
dotnet run
```
The PoC crafts a ZIP with three directory entries (../../escaped_relative/, /tmp/escaped_absolute/, safe_subdir/) using System.IO.Compression (stdlib), then extracts with SharpCompress. Output shows [ESCAPED] for the two malicious entries and [ok] for the legitimate one, on both sync and async APIs.
Tested against SharpCompress 0.47.4 (latest NuGet).
Impact
This is a path traversal / zip slip vulnerability (CWE-22). Any application that calls archive.WriteToDirectory() on an untrusted archive is affected, which covers the primary documented extraction API.
For ZIP archives the impact is limited to arbitrary directory creation, which can be used to stage privilege escalation (e.g. cron drop-ins, XDG config paths, service spool directories) or shadow expected paths to alter application behaviour.
For TAR archives, callers that implement a SymbolicLinkHandler, which is the only way to faithfully restore a TAR, are exposed to a full arbitrary file write primitive via the symlink chaining described above.
Input manipulates file paths to reach files outside the intended directory, such as configuration or credential files. Typical impact: unauthorized file read or write outside the intended directory.
CVE-2026-44788 has a CVSS score of 5.9 (Medium). The vector is network-reachable, no privileges required, and user interaction required. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. No fixed version is listed yet, so configuration controls and monitoring matter more in the interim.
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
In the interim: Resolve the canonical path after applying any user-supplied input, and verify it remains within the intended directory before accessing it.
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
Frequently Asked Questions
- What is CVE-2026-44788? CVE-2026-44788 is a medium-severity path traversal vulnerability in SharpCompress (nuget), affecting versions <= 0.47.4. No fixed version is listed yet. Input manipulates file paths to reach files outside the intended directory, such as configuration or credential files.
- How severe is CVE-2026-44788? CVE-2026-44788 has a CVSS score of 5.9 (Medium). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of SharpCompress are affected by CVE-2026-44788? SharpCompress (nuget) versions <= 0.47.4 are affected.
- Is there a fix for CVE-2026-44788? No fixed version is listed for CVE-2026-44788 yet. Monitor the advisory for updates and apply mitigations in the interim.
- Is CVE-2026-44788 exploitable, and should I be worried? Whether CVE-2026-44788 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.
- What actually determines whether CVE-2026-44788 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2026-44788? No fixed version is listed yet. In the interim: Resolve the canonical path after applying any user-supplied input, and verify it remains within the intended directory before accessing it.