PYSEC-2026-529

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2026-529.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-529
Aliases
Published
2026-06-29T11:50:38.396059Z
Modified
2026-07-01T20:23:04.697187Z
Severity
  • 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N CVSS Calculator
Summary
Salt vulnerable to directory traversal attack in file receiving method
Details

Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.

References

Affected packages

PyPI / salt

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3006.0rc1
Fixed
3006.12

Affected versions

3006.*
3006.0rc1
3006.0rc2
3006.0rc3
3006.0
3006.1
3006.2
3006.3
3006.4
3006.5
3006.6
3006.7
3006.8
3006.9
3006.10
3006.11

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/salt/PYSEC-2026-529.yaml"