Vulnerability in Apple Container
CVE-2026-20613
The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract…
EPSS: 0.000 (1.9th percentile)
Affected products
- Apple Container — versions unspecified
- Apple Containerization — versions unspecified