Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Debian DSA-6216-1 OPAM Critical Directory Traversal Issue CVE-2026-41082

debian
Calendar Grey April 17, 2026
Debian Logo
Andrew Nesbitt identified a directory traversal issue in OPAM for Debian, fixed in the latest package updates. Upgrade now!
Andrew Nesbitt discovered that .install file directives were insufficiently restricted in OPAM, a package manager for OCaml

Summary

For the oldstable distribution (bookworm), this problem has been fixed
in version 2.1.2-1+deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 2.3.0-1+deb13u1.

We recommend that you upgrade your opam packages.

For the detailed security status of opam please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/opam

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
critical
Lowest
Low
Medium
High
Critical

Package: opam
CVE ID: CVE-2026-41082

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here