Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-77610.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-77610
Upstream
  • CVE-2026-26157
Published
2026-02-11T21:16:21Z
Modified
2026-04-21T04:34:18.826971Z
Summary
CVE-2026-26157 affecting package busybox for versions less than 1.36.1-22
Details

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that, when extracted under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files.

Affected packages

Azure Linux:3 / busybox

Package

Name
busybox
Purl
pkg:rpm/azure-linux/busybox

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.36.1-22

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-77610.json"