CVE-2026-45384
6.1 MEDIUMbit7z is a cross-platform C++ static library that allows the compression/extraction of archive files
Published: 2026-06-10 · Last updated: 2026-06-10
Severity and scoring
- CVSS
- 6.1 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
- CWE
- CWE-377, CWE-59
Description
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-53476 — A flaw was found in assisted-migration-agent (9.6 CRITICAL)
- CVE-2026-11853 — Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution (6.5 MEDIUM)
- CVE-2026-11837 — A local privilege escalation vulnerability was found in the ansible.posix authorized_key module (7.3 HIGH)
- CVE-2026-50511 — Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privilege... (7.8 HIGH)
- CVE-2026-44275 — Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vuln... (6.3 MEDIUM)