CVE-2026-40090 | zarf-dev zarf up to 0.74.1 Metadata.Name path traversal

April 15, 2026 Yanac

A vulnerability described as critical has been identified in zarf-dev zarf up to 0.74.1. This affects an unknown part. Such manipulation of the argument Metadata.Name leads to path traversal.

This vulnerability is documented as CVE-2026-40090. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More

CVE-2026-40499 | radareorg radare2 up to 6.1.3 PDB Parser print_gvars os command injection
CVE-2026-34454 | oauth2-proxy OAuth2 Proxy up to 7.15.1 Logout/Sign-out session expiration (GHSA-f24x-5g9q-753f)