Vulnerabilities

CVE-2026-32885

by Fred · 22/04/2026

DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both `Untar()` and `Unzip()` functions in `pkg/archive/archive.go`. Downloads and extracts archives from remote sources without path validation. Version 1.25.2 patches the issue.

More information : https://github.com/ddev/ddev/releases/tag/v1.25.2

Similar

Tags: Cybersecurity Alert