CNNVD-202601-1120 Information

CNNVD ID

CNNVD-202601-1120

CVE-2026-21851

  • CNNVD Published: 2026-01-07

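Description (translated from Chinese)

MONAI is an open-source medical imaging AI toolkit from Project MONAI. MONAI 1.5.1 and earlier contain a path traversal vulnerability. It arises because the _download_from_ngc_private function uses zipfile.ZipFile.extractall without path validation, which may lead to path traversal attacks.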

Description (English)

MONAI is an open-source medical imaging AI toolkit from Project MONAI. MONAI 1.5.1 and previous versions have a path traversal vulnerability, which stems from the fact that the _download_from_ngc_private function uses zipfile.ZipFile.extractall without path validation, which may lead to a path traversal attack.

Hazard Level

High

Vulnerability Type

Path traversal

Affected Vendor

Project MONAI

Published

2026-01-07

Last Modified

2026-02-24

References

https://github.com/Project-MONAI/MONAI/commit/4014c8475626f20f158921ae0cf98ed259ae4d59

https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-9rg3-9pvr-6p27
