Multiple newly disclosed vulnerabilities exposed arbitrary file write paths through symlink handling and path validation failures in developer and server-side software. In Crawl4AI before 0.8.8, CVE-2026-56258 affects screenshot and PDF endpoints by combining weak output_path validation, symlink following, and a TOCTOU race, allowing unauthenticated remote attackers to write files outside the intended directory and potentially reach code execution. In Cursor Desktop before 3.0, CVE-2026-50549 lets a malicious agent escape the workspace sandbox by forcing path canonicalization to fail and then abusing an in-workspace symlink to write arbitrary files under the user’s privileges, including paths that could enable later unsandboxed execution.
A related pattern also appeared in archive extraction and privileged upload handling. The extract-zip package is affected by CVE-2026-56876, which fails to validate symlink targets inside ZIP archives, enabling path traversal outside the extraction directory and possible arbitrary file read or write when processing untrusted archives. Separately, pwnlift disclosed CVE-2026-56815 in a privileged upload handler that could be abused for arbitrary file write as root through direct symlink following and a TOCTOU race; an initial fix was bypassable before a follow-up patch was merged, while one downstream deployment mitigated exposure by removing the privileged sudo entry. Together, the disclosures highlight the recurring risk from incomplete path canonicalization, unsafe symlink handling, and weak containment checks in file-write workflows.
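
The weak pattern these advisories share (a containment check followed by a path-based open that follows symlinks) beside a hardened write, as an added example that is not code from Crawl4AI, Cursor, extract-zip or pwnlift. It assumes a POSIX system and a trusted base directory; `naive_write`, `safe_write` and `demo` are hypothetical names and the directory layout is constructed.

```python
import os
import tempfile

def naive_write(base_dir, rel_path, data):
    """Weak pattern: lexical containment check, then a path-based open."""
    target = os.path.normpath(os.path.join(base_dir, rel_path))
    if not target.startswith(os.path.normpath(base_dir) + os.sep):
        raise ValueError("path escapes base directory")
    with open(target, "wb") as f:  # follows symlinks; path can change after the check
        f.write(data)

def safe_write(base_dir, rel_path, data):
    """Walk each component relative to a directory fd, refusing every symlink."""
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if os.path.isabs(rel_path) or not parts or ".." in parts:
        raise ValueError("path escapes base directory")
    dir_flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    # Assumption: base_dir itself is trusted and not attacker-writable.
    dir_fd = os.open(base_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for name in parts[:-1]:
            # Resolved against the already-open parent, so swapping a path
            # component after validation cannot redirect the walk.
            next_fd = os.open(name, dir_flags, dir_fd=dir_fd)
            os.close(dir_fd)
            dir_fd = next_fd
        file_flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
        fd = os.open(parts[-1], file_flags, 0o600, dir_fd=dir_fd)
        with os.fdopen(fd, "wb") as f:
            f.write(data)
    finally:
        os.close(dir_fd)

def demo():
    """Constructed layout: out/link is a symlink to a sibling directory."""
    root = tempfile.mkdtemp()
    base, outside = os.path.join(root, "out"), os.path.join(root, "outside")
    os.mkdir(base)
    os.mkdir(outside)
    os.symlink(outside, os.path.join(base, "link"))
    naive_write(base, "link/a.txt", b"x")
    naive_escaped = os.path.exists(os.path.join(outside, "a.txt"))
    try:
        safe_write(base, "link/b.txt", b"x")
        safe_blocked = False
    except OSError:
        safe_blocked = True
    return naive_escaped, safe_blocked and not os.path.exists(os.path.join(outside, "b.txt"))
```

Because every open is relative to an already-open directory descriptor, there is no window between the check and the write in which a path component can be replaced.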

5 events from the most recent confirmed update back to the earliest known activity.
CVE-2026-56876 was published for the extract-zip package, describing improper validation of symlink targets during ZIP extraction that can enable path traversal outside the extraction directory. The flaw may allow arbitrary file read or write depending on how the package is used.
CVE-2026-50549 was published for Cursor Desktop, detailing a sandbox escape caused by symlink abuse and failed path canonicalization during agent writes. The issue affects versions prior to 3.0 and was fixed in Cursor version 3.0.
MITRE assigned CVE-2026-56815 to the pwnlift privileged upload handler flaw, which can allow arbitrary file write as root via symlink following and a TOCTOU race. The advisory explicitly states the CVE was assigned on 2026-06-23.
CVE-2026-56258 was published for Crawl4AI, describing an unauthenticated arbitrary file write in screenshot and PDF endpoints caused by insufficient path validation, symlink following, and a TOCTOU condition. The issue affects versions before 0.8.8 and upgrading to 0.8.8 or later is recommended.
A follow-up fix for CVE-2026-56815 was merged in pwnlift after an initial remediation proved incomplete. The advisory says this fix was merged on 2026-06-18.