PT-2026-39297 · Unknown · Sharpcompress

Svenclaesson · Published 2026-05-08 · Updated 2026-06-03 · CVE-2026-44788

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: SharpCompress (affected versions not specified)
Description: A path traversal issue exists in the IArchive.WriteToDirectory() method, specifically in the WriteToDirectoryInternal() and WriteToDirectoryAsyncInternal() functions. A malicious archive can create directories outside the intended extraction root because the library passes the entry path to Directory.CreateDirectory without first normalizing it or checking that it stays within the destination directory. This affects ZIP archives and non-solid TAR archives.
For TAR archives, this can be escalated to an arbitrary file write when the caller supplies a SymbolicLinkHandler. A symlink entry can point outside the extraction root because the library passes the linkTarget value to the handler without validating it; file entries later in the archive that target the path of that symlink are then written through it to the external location.
Recommendations: In WriteToDirectoryInternal() and WriteToDirectoryAsyncInternal(), normalize each entry path with Path.GetFullPath() and verify that the result starts with the destination directory before calling Directory.CreateDirectory(). Compare against the destination path with a trailing directory separator, otherwise a sibling directory such as out2 passes a plain prefix check for the root out. Validate the linkTarget value (resolved relative to the link's own directory) before invoking the SymbolicLinkHandler, or do not supply a SymbolicLinkHandler at all when extracting untrusted TAR archives.
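The following is an added example of the containment check described in the description and recommendations above; it is not SharpCompress code and does not use the SharpCompress API. The class and method names (SafeDestination, NormalizeRoot, ResolveEntryPath, ResolveLinkTarget) are hypothetical, the entry names in Main are constructed to stand in for what a malicious ZIP or TAR could carry, and it assumes .NET 6 or later.

```csharp
using System;
using System.IO;

// Hypothetical helper (not part of SharpCompress): resolves where an archive entry may be
// written and rejects anything that lands outside the extraction root.
static class SafeDestination
{
    // File systems are case-insensitive on Windows, so compare paths that way there.
    static readonly StringComparison PathComparison =
        OperatingSystem.IsWindows() ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal;

    // Normalise the root once: full path plus a trailing separator, so a prefix check
    // cannot be satisfied by a sibling such as "out2" when the root is "out".
    public static string NormalizeRoot(string root)
    {
        string full = Path.GetFullPath(root);
        return full.EndsWith(Path.DirectorySeparatorChar) ? full : full + Path.DirectorySeparatorChar;
    }

    // Returns the full path for an entry, or throws if it escapes the root after
    // ".." segments and absolute names have been resolved by Path.GetFullPath.
    public static string ResolveEntryPath(string normalizedRoot, string entryKey)
    {
        // Archives usually use '/'; treat '\' as a separator too so "..\" is not
        // smuggled past the check on Windows (conservative on other platforms).
        string relative = entryKey.Replace('/', Path.DirectorySeparatorChar)
                                  .Replace('\\', Path.DirectorySeparatorChar);
        // Path.Combine returns the second argument unchanged when it is rooted, so an
        // absolute entry name is caught by the prefix check rather than honoured.
        string candidate = Path.GetFullPath(Path.Combine(normalizedRoot, relative));
        bool inside = candidate.StartsWith(normalizedRoot, PathComparison)
                   || string.Equals(candidate + Path.DirectorySeparatorChar, normalizedRoot, PathComparison); // "." or "./"
        if (!inside)
            throw new InvalidOperationException($"entry '{entryKey}' escapes the extraction root");
        return candidate;
    }

    // For a TAR symlink entry: the link itself must sit inside the root, and its target
    // (absolute, or relative to the link's own directory) must resolve inside the root too.
    public static string ResolveLinkTarget(string normalizedRoot, string linkKey, string linkTarget)
    {
        string linkPath = ResolveEntryPath(normalizedRoot, linkKey);
        string linkDir = Path.GetDirectoryName(linkPath) ?? normalizedRoot;
        string target = linkTarget.Replace('/', Path.DirectorySeparatorChar)
                                  .Replace('\\', Path.DirectorySeparatorChar);
        string resolved = Path.GetFullPath(Path.Combine(linkDir, target));
        if (!resolved.StartsWith(normalizedRoot, PathComparison))
            throw new InvalidOperationException($"symlink '{linkKey}' -> '{linkTarget}' points outside the extraction root");
        return resolved;
    }
}

class Program
{
    static void Main()
    {
        string root = SafeDestination.NormalizeRoot(Path.Combine(Path.GetTempPath(), "extract-demo"));

        // Constructed entry names: one benign, then the shapes a hostile archive would use.
        string[] entries = { "docs/readme.txt", "../../outside/evil.txt", "docs/../../escape/", "/etc/cron.d/job" };
        foreach (string e in entries)
        {
            try { Console.WriteLine($"OK     {e} -> {SafeDestination.ResolveEntryPath(root, e)}"); }
            catch (InvalidOperationException ex) { Console.WriteLine($"REJECT {ex.Message}"); }
        }

        // A symlink entry that would redirect later file writes outside the root.
        try { SafeDestination.ResolveLinkTarget(root, "lib/link", "../../../outside"); }
        catch (InvalidOperationException ex) { Console.WriteLine($"REJECT {ex.Message}"); }

        // A symlink whose target stays inside the root is acceptable.
        Console.WriteLine($"OK     lib/link -> {SafeDestination.ResolveLinkTarget(root, "lib/link", "../docs")}");
    }
}
```

The check is lexical: it decides from the entry names alone, before anything touches the disk, which is exactly where the advisory says the missing check belongs. It does not protect against a symlink that an earlier entry already created inside the root and that a later entry then writes through, so for untrusted TAR input the safer choice remains not to supply a SymbolicLinkHandler, or to additionally confirm that each parent directory on the write path is a real directory rather than a link before opening the file.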

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2026-44788
GHSA-6C8G-7P36-R338

Affected Products

Sharpcompress