CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-57825

unknowncovered by 1 sourcefirst seen 2026-07-10
Kate Deplaix reported that .install file directives were insufficiently restricted in OPAM, a package manager for OCaml. Installing files through .install files did not check symlinks resolution on the target path, which could result in directory traversal out of the package area. https://security-tracker.debian.org/tracker/DSA-6386-1

CSIRTS triage

What
Insufficient restrictions in .install file directives can lead to directory traversal vulnerabilities.
Who is affected
Users of OPAM who install packages are affected.
Urgency
Remediation is necessary as exploitation is possible, though the severity is unknown.
Action
Users should update OPAM to the latest version to mitigate this issue.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-57825

Get an email if CVE-2026-57825 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Advisory coverage (1)

External references

NVD record for CVE-2026-57825

CVE.org record

Embed the live status

CVE-2026-57825 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-57825 status](https://www.csirts.com/badge/CVE-2026-57825)](https://www.csirts.com/cve/CVE-2026-57825)