arbitrary symlink creation during archive extraction leads to information disclosure
Summary
arbitrary symlink creation during archive extraction leads to information disclosure. Red Hat rates this important (CVSS 7.5). Weakness: CWE-61. Red Hat lists fixing advisory RHSA-2026:37577 with package dotnet8-0-main-8.0.128-1.1.hum1.
What this means
In plain English
arbitrary symlink creation during archive extraction leads to information disclosure. Red Hat rates this important (CVSS 7.5). Weakness: CWE-61. Red Hat lists fixing advisory RHSA-2026:37577 with package dotnet8-0-main-8.0.128-1.1.hum1. Information disclosure can expose data available to the affected component beyond its intended authorization boundary.
Recommended action
Primary action: update to a vendor-listed fixed release: dotnet8-0-main-8.0.128-1.1.hum1, RHSA-2026:37577.
Rewritten locally from the scraped official advisory data above; no generative API is used. The vendor advisory is authoritative.
Affected versions
No affected-version range was extracted from the source record. The vendor advisory is authoritative — check it before change work.
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
- dotnet8-0-main-8.0.128-1.1.hum1
- RHSA-2026:37577
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
Mitigation
Upgrade to a fixed release: dotnet8-0-main-8.0.128-1.1.hum1, RHSA-2026:37577. That is the remediation for this advisory.
The vendor advisory may list additional interim mitigations or workarounds not captured here — review it before change work.
Official advisory · high-confidence parse· fetched 3 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.