CVE-2026-37531 - Apache Gears Zip Slip Path Traversal with TOCTOU Race Condition
CVE ID :CVE-2026-37531 Published : May 1, 2026, 5:16 p.m. | 49 minutes ago Description :AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename function
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Nearly half of UK businesses pwned last year as phishing keeps doing the job like it's 2005
- [CYBER] CVE-2026-7591 - TimBroddin astro-mcp-server MCP Tool Query Construction index.ts sql injection
- [CYBER] CVE-2026-7590 - eyal-gor p_69_branch_monkey_mcp Preview Endpoint advanced.py os command injection
- [CYBER] CVE-2026-7589 - ghantakiran splunk-mcp-integration CSV Export csv_export.py create_csv_export path traversal
- [CYBER] CVE-2026-30363 - Flipperzero Firmware Stack Overflow Vulnerability
- [CYBER] CVE-2025-52347 - PassMark DirectIo64.sys Kernel Memory Access Privilege Escalation Vulnerability