CVE-2026-57825
Kate Deplaix reported that .install file directives were insufficiently restricted in OPAM, a package manager for OCaml. Installing files through .install files did not check symlinks resolution on the target path, which could result in directory traversal out of the package area. https://security-tracker.debian.org/tracker/DSA-6386-1
CSIRTS triage
- What
- Insufficient restrictions in .install file directives can lead to directory traversal vulnerabilities.
- Who is affected
- Users of OPAM who install packages are affected.
- Urgency
- Remediation is necessary as exploitation is possible, though the severity is unknown.
- Action
- Users should update OPAM to the latest version to mitigate this issue.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2026-57825
Get an email if CVE-2026-57825 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Advisory coverage (1)
- unknownDSA-6386-1 opam - security updatedebian · 2026-07-10
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-57825)