Following the Snappier security upgrade in CSHARP-6034, the release build for 3.8.1 is failing because of a separate transitive-dependency advisory:

• Advisory: https://github.com/advisories/GHSA-6c8g-7p36-r338 (CVE-2026-44788)
• Affected: SharpCompress 0.30.1 (and all versions ≤ 0.47.4)
• Severity: Moderate; currently unpatched upstream

The driver does not exercise the vulnerable code path (IArchive.WriteToDirectory()); SharpCompress is only used for in-memory ZLib stream compression of MongoDB wire-protocol messages. However, TreatWarningsAsErrors=true in the build props converts the NU1902 warning into a build error and breaks the release pipeline.