CVE-2026-21851 is a path traversal vulnerability categorized under CWE-22 found in the Medical Open Network for AI (MONAI) toolkit, specifically in versions up to and including 1.5.1. The vulnerability arises from the _download_from_ngc_private() function, which downloads and extracts zip archives using Python's zipfile.ZipFile.extractall() method without validating the paths of the extracted files. This improper limitation allows an attacker to craft a malicious zip archive containing file paths with directory traversal sequences (e.g., ../) that can escape the intended extraction directory. Consequently, an attacker could overwrite arbitrary files on the host system, potentially injecting malicious code or altering critical files, thereby compromising the integrity of the system. Unlike other download functions in the same codebase that use a safe_extract_member() function to validate paths, this function lacks such safeguards. The vulnerability has a CVSS 3.1 base score of 5.3, reflecting a medium severity with network attack vector, high attack complexity, no privileges required, but requiring user interaction. Although no known exploits are currently reported in the wild, the presence of this vulnerability in a healthcare AI toolkit that processes sensitive medical imaging data poses a significant risk. The issue was resolved in a later commit (4014c8475626f20f158921ae0cf98ed259ae4d59) by implementing proper path validation during extraction. Given MONAI's role in healthcare imaging AI, exploitation could undermine the integrity of medical data processing pipelines.

For European organizations, particularly those in the healthcare sector utilizing MONAI for AI-driven medical imaging, this vulnerability could lead to unauthorized modification of system files or application components. Such integrity breaches may result in corrupted medical imaging data, misdiagnosis, or disruption of AI workflows critical for patient care. The ability to write files outside the intended directory could also be leveraged to implant backdoors or malware, escalating the risk of broader system compromise. Although the vulnerability does not directly affect confidentiality or availability, the integrity impact on sensitive healthcare systems is significant. Given the reliance on AI tools in modern European healthcare infrastructure, exploitation could undermine trust in medical AI outputs and potentially violate regulatory compliance such as GDPR if patient data integrity is affected. The medium CVSS score reflects the need for caution, especially since exploitation requires user interaction, which might occur through social engineering or maliciously crafted inputs in the healthcare environment.

European healthcare organizations should immediately verify their MONAI version and upgrade to versions later than 1.5.1 where the vulnerability is patched. If upgrading is not immediately feasible, organizations should audit and restrict the sources of zip archives processed by MONAI, ensuring only trusted and verified content is used. Implementing additional file system monitoring to detect unexpected file writes outside designated directories can help identify exploitation attempts. Developers and administrators should review custom integrations with MONAI to ensure no unvalidated extraction of archives occurs. Applying application-layer sandboxing or containerization for MONAI processes can limit the impact of potential exploitation. Additionally, training staff to recognize and avoid interacting with suspicious files or inputs that could trigger the vulnerable function will reduce the risk of user interaction-based exploitation. Regular security assessments and code reviews focusing on input validation and safe file handling are recommended to prevent similar issues.