LeakyCreds

CVE-2026-29064 - Vulnerability Analysis

High | CVSS: 8.2

Last Updated: March 6, 2026

Zarf - Path Traversal

Published: March 6, 2026 | Updated: March 6, 2026

Overview

Zarf versions 0.54.0 up to, but not including, 0.73.1 contain a path traversal vulnerability caused by symlink creation during archive extraction. It lets attackers read or write arbitrary files on the system processing the package. Exploitation requires a crafted Zarf package.

Severity & Score

Severity: High
CVSS Score: 8.2

Impact

Attackers can read or write arbitrary files on the system processing the package, potentially leading to data tampering or information disclosure.

Mitigation

Update to version 0.73.1 or later.
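For code that extracts archives itself, the class of bug described in the Overview can be caught by auditing entry headers before anything is written to disk. The Go sketch below is an added example, not Zarf's code or its fix; `AuditHeaders`, `inside`, the sample headers and the `/srv/unpack` destination are all assumptions made for illustration.

```go
package main

import (
	"archive/tar"
	"fmt"
	"path/filepath"
	"strings"
)

// inside reports whether the cleaned path p stays under root.
func inside(root, p string) bool {
	rel, err := filepath.Rel(root, filepath.Clean(p))
	return err == nil && rel != ".." && !strings.HasPrefix(filepath.ToSlash(rel), "../")
}

// AuditHeaders flags entries that escape dest by name, by symlink target, or via an earlier symlink.
func AuditHeaders(hdrs []tar.Header, dest string) (bad []string) {
	dest = filepath.Clean(dest)
	links := map[string]bool{} // paths this archive declares as symlinks
	for _, h := range hdrs {
		full := filepath.Join(dest, h.Name)
		if !inside(dest, full) {
			bad = append(bad, h.Name+": name escapes destination")
			continue
		}
		for d := filepath.Dir(full); len(d) > len(dest); d = filepath.Dir(d) {
			if links[d] { // writing here would follow a link created earlier
				bad = append(bad, h.Name+": parent "+d+" is an archive symlink")
			}
		}
		if h.Typeflag == tar.TypeSymlink {
			links[full] = true
			if filepath.IsAbs(h.Linkname) || !inside(dest, filepath.Join(filepath.Dir(full), h.Linkname)) {
				bad = append(bad, h.Name+": symlink target is absolute or escapes destination")
			}
		}
	}
	return bad
}

// sample is a constructed header list: a benign file, a symlink out of the tree, a write through it.
var sample = []tar.Header{
	{Name: "pkg/readme.txt", Typeflag: tar.TypeReg},
	{Name: "pkg/cfg", Typeflag: tar.TypeSymlink, Linkname: "../../outside"},
	{Name: "pkg/cfg/settings", Typeflag: tar.TypeReg},
}

func main() {
	fmt.Println(AuditHeaders(sample, "/srv/unpack"))
}
```

Collect the headers with `tar.Reader.Next` in a first pass and refuse to extract if the returned slice is non-empty. The policy is deliberately conservative: it rejects every absolute link target and every write beneath a path the archive itself turned into a symlink.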

Details

CVE ID: CVE-2026-29064
Severity: High
CVSS Score: 8.2
Type: path_traversal
Status: new

CWE

  • CWE-22

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N