CVE-2026-50162 | oras-project oras-go up to 2.6.0 File Path Resolver content/file/file.go resolveWritePath AnnotationTitle symlink
A vulnerability, which was classified as critical, was found in oras-project oras-go up to 2.6.0. This affects the function resolveWritePath of the file content/file/file.go of the component File Path Resolver. Executing a manipulation of the argument AnnotationTitle can lead to symlink following.
This vulnerability appears as CVE-2026-50162. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More