CVE-2026-41082

HIGH CVSS 7.3 View on NVD ↗

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Published: Apr 16, 2026 18:16 UTC Modified: Apr 17, 2026 15:38 UTC