CVE-2026-32885 | DDEV up to 1.25.1 pkg/archive/archive.go Untar/Unzip path traversal (GHSA-x2xq-qhjf-5mvg / EUVD-2026-25049)

A vulnerability was found in DDEV up to 1.25.1. It has been rated as critical. This affects the function Untar/Unzip of the file pkg/archive/archive.go. Performing a manipulation results in path traversal.

This vulnerability is reported as CVE-2026-32885. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is advised.VulDB Recent EntriesRead More