CVE-2026-40090 | zarf-dev zarf up to 0.74.1 Metadata.Name path traversal

A vulnerability described as critical has been identified in zarf-dev zarf up to 0.74.1. This affects an unknown part. Such manipulation of the argument Metadata.Name leads to path traversal.

This vulnerability is documented as CVE-2026-40090. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More