CVE•Published 2026-04-16•Modified 2026-06-16•0 articles on news•5 live references•NVD data

CVE-2026-41082

Vulnerability data via NVD (ingested)

CVSS v3.1

7.3

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

EPSS percentile

Exploit Prediction Scoring System · top 92% of all CVEs

Weaknesses (CWE)

CWE-24Path Traversal: '../filedir'

Description

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.

Timeline

Published 2026-04-16

Modified 2026-06-16

External references

NVD MITRE Exploit-DB Sploitus VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2026-41082

Hosts Shodan has explicitly fingerprinted as vulnerable.

More intel sources (5)

Shodan report

vuln:CVE-2026-41082

Country / ASN / product breakdown for the vuln query.

Censys

vulnerabilities.cve_id: CVE-2026-41082

Censys host search filtered to this CVE id.

grep.app

CVE-2026-41082

Public source-code mentions — fast PoC discovery.

GitHub code

CVE-2026-41082

GitHub code search for direct mentions.

Google dork

"CVE-2026-41082" exploit -site:nvd.nist.gov

Write-ups and news, NVD excluded.

Known PoCs on GitHub (7)

CVE-2026-410827 repos

Mr-xn/Penetration_Testing_POCHTML

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypas…

★ 7,398·updated 5d ago

Ostorlab/KEVunknown

Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.

★ 612·updated 3mo ago

Threekiii/CVEunknown

一个 CVE 漏洞预警知识库，无 exp/poc，部分包含修复方案。A knowledge base of CVE security vulnerability, no PoCs/exploits.

★ 170·updated today

west-wind/Threat-Hunting-With-Splunkunknown

Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise

★ 69·updated 3d ago

ddrimus/http-threat-blocklistunknown

A daily-updated blocklist of IP addresses involved in malicious HTTP attacks that bypassed multiple security layers. Ideal for protecting web servers against probing, exploits, and…

★ 5·updated today

Vulnetix/breach-notesGo

Breach intelligence notes: structured YAML records of breach reports, advisories, and cyber incidents

★ 3·updated 3w ago

rxerium/CISA-KEVPython

An automated repo to track Nuclei template scanning capabilities against the CISA KEV.

★ 3·updated today

We haven't classified any articles referencing CVE-2026-41082 yet. The external references above still apply.