Vulnerabilities in zarf-dev

2 results

CVE-2026-40090HIGHZarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File WriteEPSS 0.3%CVE-2026-29064HIGHZarf: Symlink targets in archives are not validated against destination directoryEPSS 0.2%