In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/55xxx/CVE-2026-55628.json",
"cwe_ids": [
"CWE-73",
"CWE-862"
],
"cna_assigner": "GitHub_M"
}