← voltar
CVE-2026-43616

Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write

CVSS 6.8 MEDIUMEPSS 0.2%CWE-23
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.8EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
04 mai 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive extraction to write files outside the intended extraction directory and achieve persistent code execution by overwriting user startup scripts.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
horsicq · DIE-engine

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/horsicq/Detect-It-Easyhttps://github.com/horsicq/DIE-engine/commit/7fd300b926daf19707b2a36f0abe8b60a51308eehttps://github.com/horsicq/DIE-engine/commit/cbbe1688e58ffd430d284bf65f336973f083db69https://github.com/horsicq/DIE-engine/releases/tag/3.21https://github.com/horsicq/Formats/commit/56cdf50ee3c72c56284e2819b23e98332842d259https://github.com/horsicq/XArchive/commit/6a2aa84c2fd120b704f76bb5c5ee3e9b5a7a0fcchttps://www.vulncheck.com/advisories/detect-it-easy-path-traversal-arbitrary-file-write