CVE-2026-50163 | oras-project oras-go up to 2.6.1 Hardlink Resolver content/file/utils.go ensureLinkPath Linkname path traversal
A vulnerability has been found in oras-project oras-go up to 2.6.1 and classified as critical. This impacts the function ensureLinkPath of the file content/file/utils.go of the component Hardlink Resolver. The manipulation of the argument Linkname leads to path traversal.
This vulnerability is traded as CVE-2026-50163. It is possible to initiate the attack remotely. There is no exploit available.VulDB Recent EntriesRead More