{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21851", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-05T16:44:16.366Z", "datePublished": "2026-01-07T22:27:19.410Z", "dateUpdated": "2026-01-08T20:09:55.184Z"}, "containers": {"cna": {"title": "MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-9rg3-9pvr-6p27", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-9rg3-9pvr-6p27"}, {"name": "https://github.com/Project-MONAI/MONAI/commit/4014c8475626f20f158921ae0cf98ed259ae4d59", "tags": ["x_refsource_MISC"], "url": "https://github.com/Project-MONAI/MONAI/commit/4014c8475626f20f158921ae0cf98ed259ae4d59"}], "affected": [{"vendor": "Project-MONAI", "product": "MONAI", "versions": [{"version": "<= 1.5.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-07T22:27:19.410Z"}, "descriptions": [{"lang": "en", "value": "MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's `_download_from_ngc_private()` function. The function uses `zipfile.ZipFile.extractall()` without path validation, while other similar download functions in the same codebase properly use the existing `safe_extract_member()` function. Commit 4014c8475626f20f158921ae0cf98ed259ae4d59 fixes this issue."}], "source": {"advisory": "GHSA-9rg3-9pvr-6p27", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-9rg3-9pvr-6p27", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-08T20:09:52.023174Z", "id": "CVE-2026-21851", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-08T20:09:55.184Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21851", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-08T20:09:52.023174Z"}}}], "references": [{"url": "https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-9rg3-9pvr-6p27", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-08T20:09:39.819Z"}}], "cna": {"title": "MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download", "source": {"advisory": "GHSA-9rg3-9pvr-6p27", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Project-MONAI", "product": "MONAI", "versions": [{"status": "affected", "version": "<= 1.5.1"}]}], "references": [{"url": "https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-9rg3-9pvr-6p27", "name": "https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-9rg3-9pvr-6p27", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Project-MONAI/MONAI/commit/4014c8475626f20f158921ae0cf98ed259ae4d59", "name": "https://github.com/Project-MONAI/MONAI/commit/4014c8475626f20f158921ae0cf98ed259ae4d59", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's `_download_from_ngc_private()` function. The function uses `zipfile.ZipFile.extractall()` without path validation, while other similar download functions in the same codebase properly use the existing `safe_extract_member()` function. Commit 4014c8475626f20f158921ae0cf98ed259ae4d59 fixes this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-07T22:27:19.410Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21851", "state": "PUBLISHED", "dateUpdated": "2026-01-08T20:09:55.184Z", "dateReserved": "2026-01-05T16:44:16.366Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-07T22:27:19.410Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:project-monai:monai:*:*:*:*:*:*:*:*", "matchCriteriaId": "A887CB32-431C-4AFD-8C59-B2262427288D", "versionEndIncluding": "1.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's `_download_from_ngc_private()` function. The function uses `zipfile.ZipFile.extractall()` without path validation, while other similar download functions in the same codebase properly use the existing `safe_extract_member()` function. Commit 4014c8475626f20f158921ae0cf98ed259ae4d59 fixes this issue."}], "id": "CVE-2026-21851", "lastModified": "2026-02-02T15:13:47.910", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-01-07T23:15:50.677", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/Project-MONAI/MONAI/commit/4014c8475626f20f158921ae0cf98ed259ae4d59"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory", "Mitigation"], "url": "https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-9rg3-9pvr-6p27"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory", "Mitigation"], "url": "https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-9rg3-9pvr-6p27"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T07:52:45.365041+00:00", "value": {"mitigation_remediation": ["Upgrade MONAI to a release newer than 1.5.1 that incorporates commit 4014c8475626f20f158921ae0cf98ed259ae4d59.", "If an upgrade is not immediately possible, replace or modify the _download_from_ngc_private implementation to validate extraction paths, or use the safe_extract_member helper employed by other download functions.", "Restrict or disable the use of the NGC private bundle download function until the issue is resolved or the code is patched."], "summary": {"action": "Patch", "impact": "Path Traversal (Zip Slip) \u2013 arbitrary file write"}, "threat_synthesis": {"affected_systems": "Affected products are the MONAI AI toolkit from Project\u2011MONAI, versions up to and including 1.5.1. Users running any of these releases are susceptible to the vulnerability.", "description_and_impact": "MONAI includes a Path Traversal (Zip Slip) flaw in the _download_from_ngc_private function, which extracts ZIP files without validating member paths, allowing an attacker to write files outside the intended extraction directory. This can lead to arbitrary file overwrite or placement of executable files, potentially compromising the underlying system. The flaw is identified as CWE\u201122.", "risk_and_exploitability": "With a CVSS score of 5.3 and an EPSS score of less than 1\u202f%, the current risk is moderate but the likelihood of exploitation remains low. The vulnerability is not listed in the CISA KEV catalog. Exploitation would likely require an actor with the ability to trigger the vulnerable download function, such as a system administrator or an application that invokes the function without input validation. Because the flaw arises from ZIP file handling, the attack vector is inferred to be local or internal, and error handling or path sanitization could prevent abuse."}}}}, "created": "2026-01-08T09:48:21.192319+00:00", "updated": "2026-04-18T08:00:05.791932+00:00", "vendors": ["monai", "monai$PRODUCT$monai"]}