What is CVE-2026-56876?

CVE-2026-56876 is a high-severity vulnerability in Max-mapper Extract-zip, classified under Path Traversal. CVSS score: 8.1/10. Published 2026-06-26.

How severe is CVE-2026-56876?

High severity. CVSS v3 base score is 8.1 out of 10.

Path Traversal in Max-mapper Extract-zip

CVE-2026-56876

extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validati…

Vulnerability class: Path Traversal (Directory Traversal)

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N.

Affected products

Max-mapper Extract-zip — versions 0

Weakness classification (CWE)

References

9119a7d8-5eab-497f-8521-727c672e3725 (third-party-advisory)
9119a7d8-5eab-497f-8521-727c672e3725 (third-party-advisory)
9119a7d8-5eab-497f-8521-727c672e3725 (vdb-entry)

Frequently asked questions

What is CVE-2026-56876?: CVE-2026-56876 is a high-severity vulnerability in Max-mapper Extract-zip, classified under Path Traversal. CVSS score: 8.1/10. Published 2026-06-26.
How severe is CVE-2026-56876?: High severity. CVSS v3 base score is 8.1 out of 10.