Opam · Opam · CVE-2026-41082
**Name of the Vulnerable Software and Affected Versions**
opam versions prior to 2.5.1
**Description**
A directory traversal issue exists where a `.install` field containing a destination filepath can use `../` to reach a parent directory.
**Recommendations**
Update to version 2.5.1.