Vulnerabilities in OCaml
3 results

CVE-2026-41082 (HIGH, EPSS 0.2%)
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.

CVE-2026-28364 (HIGH, EPSS 0.2%)
In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution

CVE-2026-34353 (MEDIUM, EPSS 0.1%)
In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrusted data is proc