JustAppSec
HIGH SeverityCVSS 3.17.3CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

CVE-2026-41082

Last updated Apr 16, 2026 · Published Apr 16, 2026

← Back to list

Description

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.

Affected products

1 listed
  • OCaml:opam

Mappings

CWE

CWE-24

CAPEC

None listed.

CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms

Need help?Get in touch.