Description
A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting `.zip` archives using the `ZipFile.extractall()` method in `StorageManager._extract_to_cache()`. This issue arises due to the lack of path traversal validation, enabling an attacker to write arbitrary files to the filesystem. Attack vectors include dataset downloads, artifact downloads, model downloads, and offline session imports. The vulnerability can lead to remote code execution through methods such as cron job injection, SSH key overwrite, or web shell deployment. The issue is resolved in version 2.1.6.
Published: 2026-07-01
Score: 2.4 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A relative path traversal flaw exists in the ZipFile.extractall() call made by allegroai/clearml inside StorageManager._extract_to_cache(). Because ZIP entry paths are not validated, an attacker can supply a crafted archive whose entries are written outside the intended cache directory, a classic CWE-23 weakness. The flaw can escalate to remote code execution if the attacker plants executables or overwrites system files such as cron jobs, SSH keys, or web application shells.

Affected Systems

Allegro AI's ClearML product, versions up to and including 1.16.5, is affected by this path-traversal weakness. The remediation is included in ClearML release 2.1.6 and later.

Risk and Exploitability

The CVSS score is 2.4, indicating a low severity assessment at present. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog. Attackers can leverage this flaw by uploading malicious ZIP files during dataset, artifact, model, or offline session imports. Successful exploitation can create arbitrary files on the host and potentially lead to remote code execution through mechanisms such as cron job injection, SSH key overwrite, or web shell deployment, depending on the target environment’s configuration.

Generated by OpenCVE AI on July 2, 2026 at 05:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade allegroai/clearml to version 2.1.6 or later, which contains the path-traversal patch.
  • If an upgrade is not immediately possible, temporarily disable or restrict the StorageManager._extract_to_cache() functionality until a secure resolution can be applied.
  • As a temporary safeguard, implement strict input validation to check ZIP entry paths for traversal sequences before extraction, rejecting any archives that attempt to write files outside the intended cache directory.
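
One way to implement the pre-extraction check from the last recommendation, as an added example rather than ClearML's own code: every archive member is resolved against the cache directory and the whole archive is refused if any member would land outside it. The archive contents and the cache path used in the comments are constructed sample values, not taken from the advisory.

```python
from __future__ import annotations

import io
import os
import zipfile


def find_unsafe_members(zf: zipfile.ZipFile, dest_dir: str) -> list[str]:
    """Return member names whose extraction path would escape dest_dir.

    A member is flagged if it starts with '/', carries a drive letter, or
    resolves outside dest_dir once joined to it (e.g. via '..' components).
    """
    dest_root = os.path.realpath(dest_dir)
    unsafe = []
    for info in zf.infolist():
        # Treat backslashes as separators too, so Windows-style traversal is
        # caught even when the check runs on POSIX (stricter than extractall).
        name = info.filename.replace("\\", "/")
        if name.startswith("/") or os.path.splitdrive(name)[0]:
            unsafe.append(info.filename)
            continue
        target = os.path.realpath(os.path.join(dest_root, name))
        if os.path.commonpath([dest_root, target]) != dest_root:
            unsafe.append(info.filename)
    return unsafe


def safe_extractall(zf: zipfile.ZipFile, dest_dir: str) -> list[str]:
    """Reject the whole archive if any member would escape dest_dir, else extract.
    Returns the names of the extracted members."""
    unsafe = find_unsafe_members(zf, dest_dir)
    if unsafe:
        raise ValueError(f"refusing to extract archive: unsafe entries {unsafe}")
    zf.extractall(dest_dir)
    return zf.namelist()


def build_archive(entries: dict[str, bytes]) -> zipfile.ZipFile:
    """Constructed in-memory sample archive. Names are stored verbatim, so a
    traversal sequence survives exactly as it would in a crafted upload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as out:
        for name, data in entries.items():
            out.writestr(name, data)
    buf.seek(0)
    return zipfile.ZipFile(buf, "r")
```

A constructed archive such as `{"data/train.csv": ..., "../../etc/cron.d/evil": ...}` checked against a cache directory like `/srv/clearml-cache` is rejected before `extractall()` runs, while an archive whose members all stay under the cache directory passes.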

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 14:30:00 +0000

Type: Metrics (ssvc)
Values Removed: (none)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 12:45:00 +0000

Values Removed: (none)

Type: Description
Values Added: A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting `.zip` archives using the `ZipFile.extractall()` method in `StorageManager._extract_to_cache()`. This issue arises due to the lack of path traversal validation, enabling an attacker to write arbitrary files to the filesystem. Attack vectors include dataset downloads, artifact downloads, model downloads, and offline session imports. The vulnerability can lead to remote code execution through methods such as cron job injection, SSH key overwrite, or web shell deployment. The issue is resolved in version 2.1.6.

Type: Title
Values Added: Relative Path Traversal in allegroai/clearml

Type: Weaknesses
Values Added: CWE-23

Type: References
Values Added: (none listed)

Type: Metrics (cvssV3_0)
Values Added: {'score': 2.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published:

Updated: 2026-07-01T13:36:02.782Z

Reserved: 2026-05-12T11:48:49.154Z

Link: CVE-2026-8387

Vulnrichment

Updated: 2026-07-01T13:35:51.040Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-02T05:45:03Z

Weaknesses
  • CWE-23: Relative Path Traversal