CVE-2026-41082
â ī¸ highSummary
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.
CVSS Score
7.3
High
EPSS Score
0.2
Exploit Probability
Published Date
2026-04-16
First Seen: 2026-04-20
đ Relative Risk Intelligence
This CVE is Moderate Risk - more severe than 55.4% of all 335,187 vulnerabilities in our database.
#149,529
Above average severity
Severity Percentile
đ¯ CISA SSVC Assessment Updated: Jun 16, 2026
đ Exploitation Status
Poc
Proof-of-concept available
âī¸ Automatable
NO
Requires human interaction
đĨ Technical Impact
Partial
Limited system impact
SSVC data provided by
CISA
Last Modified
2026-07-08
Source
NVD đ
CVSS Vector 3.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L