Description
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's `_download_from_ngc_private()` function. The function uses `zipfile.ZipFile.extractall()` without path validation, while other similar download functions in the same codebase properly use the existing `safe_extract_member()` function. Commit 4014c8475626f20f158921ae0cf98ed259ae4d59 fixes this issue.
Published: 2026-01-07
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Path Traversal (Zip Slip) – arbitrary file write
Action: Patch
AI Analysis

Impact

MONAI includes a Path Traversal (Zip Slip) flaw in the _download_from_ngc_private function, which extracts ZIP files without validating member paths, allowing an attacker to write files outside the intended extraction directory. This can lead to arbitrary file overwrite or placement of executable files, potentially compromising the underlying system. The flaw is identified as CWE-22.

Affected Systems

Affected products are the MONAI AI toolkit from Project-MONAI, versions up to and including 1.5.1. Users running any of these releases are susceptible to the vulnerability.

Risk and Exploitability

With a CVSS score of 5.3 and an EPSS score of less than 1%, the current risk is moderate but the likelihood of exploitation remains low. The vulnerability is not listed in the CISA KEV catalog. Exploitation would likely require an actor with the ability to trigger the vulnerable download function, such as a system administrator or an application that invokes the function without input validation. Because the flaw arises from ZIP file handling, the attack vector is inferred to be local or internal, and error handling or path sanitization could prevent abuse.

Generated by OpenCVE AI on April 18, 2026 at 07:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade MONAI to a release newer than 1.5.1 that incorporates commit 4014c8475626f20f158921ae0cf98ed259ae4d59.
  • If an upgrade is not immediately possible, replace or modify the _download_from_ngc_private implementation to validate extraction paths, or use the safe_extract_member helper employed by other download functions.
  • Restrict or disable the use of the NGC private bundle download function until the issue is resolved or the code is patched.
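The path check the second recommendation calls for, shown as an added example (not MONAI's own safe_extract_member): each member's destination is resolved and compared against the extraction root before anything is written, and a constructed in-memory archive carrying a "../" member demonstrates the rejection.

```python
import io
import os
import tempfile
import zipfile


def safe_extract_member(zf: zipfile.ZipFile, member: zipfile.ZipInfo, dest: str) -> str:
    """Extract one member only if its resolved target stays inside dest.
    Illustrative guard, not MONAI's helper: realpath() collapses '..' and
    follows symlinks already under dest; os.path.join() drops dest for
    absolute member names, so both escape forms fail the commonpath check."""
    dest_root = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_root, member.filename))
    if os.path.commonpath([dest_root, target]) != dest_root:
        raise ValueError(f"archive member escapes extraction dir: {member.filename!r}")
    zf.extract(member, dest_root)
    return target


def safe_extract_all(zip_bytes: bytes, dest: str) -> list[str]:
    """Drop-in for ZipFile.extractall(): every member is checked before it is written."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [safe_extract_member(zf, m, dest) for m in zf.infolist()]


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory archive from {member name: content} (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo() -> dict:
    """Run the guard over a clean bundle and over one carrying a '../' member."""
    clean = build_zip({"bundle/configs/metadata.json": b"{}"})
    hostile = build_zip({"bundle/configs/metadata.json": b"{}", "../escape.txt": b"x"})
    with tempfile.TemporaryDirectory() as d:
        root = os.path.realpath(d)
        written = [os.path.relpath(p, root) for p in safe_extract_all(clean, d)]
        try:
            safe_extract_all(hostile, d)
            rejected = False
        except ValueError:
            rejected = True
        escaped = os.path.exists(os.path.join(os.path.dirname(root), "escape.txt"))
    return {"written": written, "hostile_rejected": rejected, "escaped": escaped}
```

Calling demo() returns the clean member's relative path, confirms the hostile archive was refused, and confirms nothing landed in the parent directory.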


Advisories

Source: GitHub GHSA
ID: GHSA-9rg3-9pvr-6p27
Title: MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download
History

Mon, 02 Feb 2026 15:15:00 +0000

Type: First Time appeared
  Values Added: Project-monai; Project-monai monai
Type: CPEs
  Values Added: cpe:2.3:a:project-monai:monai:*:*:*:*:*:*:*:*
Type: Vendors & Products
  Values Added: Project-monai; Project-monai monai

Thu, 08 Jan 2026 20:15:00 +0000

Type: Metrics
  Values Added: ssvc
    {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 08 Jan 2026 10:00:00 +0000

Type: First Time appeared
  Values Added: Monai; Monai monai
Type: Vendors & Products
  Values Added: Monai; Monai monai

Wed, 07 Jan 2026 22:45:00 +0000

Type: Description
  Values Added: MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's `_download_from_ngc_private()` function. The function uses `zipfile.ZipFile.extractall()` without path validation, while other similar download functions in the same codebase properly use the existing `safe_extract_member()` function. Commit 4014c8475626f20f158921ae0cf98ed259ae4d59 fixes this issue.
Type: Title
  Values Added: MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download
Type: Weaknesses
  Values Added: CWE-22
Type: References
Type: Metrics
  Values Added: cvssV3_1
    {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-08T20:09:55.184Z

Reserved: 2026-01-05T16:44:16.366Z

Link: CVE-2026-21851

Vulnrichment

Updated: 2026-01-08T20:09:39.819Z

NVD

Status: Analyzed

Published: 2026-01-07T23:15:50.677

Modified: 2026-02-02T15:13:47.910

Link: CVE-2026-21851

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T08:00:05Z

Weaknesses