CVE-2026-43616
7.1 HIGH
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by ...
Published: 2026-05-04 · Last updated: 2026-05-29
Severity and scoring
- CVSS: 7.1 HIGH
- Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
- CWE: CWE-23
Affected products
| Vendor | Product |
|---|---|
| horsicq | detect-it-easy |
Description
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive extraction to write files outside the intended extraction directory and achieve persistent code execution by overwriting user startup scripts.
Source: NVD
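A defender-side containment check for the extraction flaw described above, given as an added example; it is not Detect-It-Easy's code or its patch. The function name `sanitize_entry_name` and the sample entry names are constructed for illustration.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Added example (hypothetical helper, not the project's code).
// Returns true and sets `out` to a normalized relative path when the archive
// entry name stays inside the extraction directory; returns false otherwise.
bool sanitize_entry_name(const std::string& name, std::string& out) {
    if (name.empty()) return false;
    // Reject absolute paths: POSIX root, Windows root/UNC, drive letters.
    if (name[0] == '/' || name[0] == '\\') return false;
    if (name.size() >= 2 && name[1] == ':') return false;

    std::vector<std::string> parts;
    std::string cur;
    for (std::size_t i = 0; i <= name.size(); ++i) {
        char c = (i < name.size()) ? name[i] : '/';  // sentinel flushes last part
        if (c == '\0') return false;                 // embedded NUL byte
        if (c == '/' || c == '\\') {                 // treat both as separators
            if (cur == "..") {
                if (parts.empty()) return false;     // would climb above the root
                parts.pop_back();
            } else if (!cur.empty() && cur != ".") {
                parts.push_back(cur);
            }
            cur.clear();
        } else {
            cur += c;
        }
    }
    if (parts.empty()) return false;                 // nothing left to write
    out.clear();
    for (std::size_t i = 0; i < parts.size(); ++i) {
        if (i) out += '/';
        out += parts[i];
    }
    return true;
}

int main() {
    // Constructed sample entry names, not taken from any real archive.
    const char* samples[] = {"docs/readme.txt", "a/./b/../c.bin",
                             "../../outside.txt", "/abs/outside.txt",
                             "C:\\abs\\outside.txt"};
    for (const char* s : samples) {
        std::string rel;
        bool ok = sanitize_entry_name(s, rel);
        std::cout << s << " -> " << (ok ? rel : "REJECTED") << "\n";
    }
}
```

The check is lexical only: it does not detect symlinks already present inside the extraction directory, so an extractor should also refuse to write through links.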
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-43616
- [Patch] https://github.com/horsicq/DIE-engine/commit/7fd300b926daf19707b2a36f0abe8b60a51308ee
- [Patch] https://github.com/horsicq/DIE-engine/commit/cbbe1688e58ffd430d284bf65f336973f083db69
- [Other] https://github.com/horsicq/DIE-engine/releases/tag/3.21
- [Other] https://github.com/horsicq/Detect-It-Easy
- [Patch] https://github.com/horsicq/Formats/commit/56cdf50ee3c72c56284e2819b23e98332842d259
- [Patch] https://github.com/horsicq/XArchive/commit/6a2aa84c2fd120b704f76bb5c5ee3e9b5a7a0fcc
- [Other] https://www.vulncheck.com/advisories/detect-it-easy-path-traversal-arbitrary-file-write
Related CVEs
Same CWE
- CVE-2026-34026 — Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter ...
- CVE-2026-48569 — Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally (7.1 HIGH)
- CVE-2026-47287 — Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network (6.5 MEDIUM)
- CVE-2026-48681 — OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image (5.9 MEDIUM)
- CVE-2026-5422 — A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_p... (8.1 HIGH)