{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41245", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-18T03:47:03.135Z", "datePublished": "2026-04-20T15:15:24.540Z", "dateUpdated": "2026-04-20T16:35:09.317Z"}, "containers": {"cna": {"title": "Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/junrar/junrar/security/advisories/GHSA-hf5p-q87m-crj7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/junrar/junrar/security/advisories/GHSA-hf5p-q87m-crj7"}, {"name": "https://github.com/junrar/junrar/commit/d77e9a83eb721cd51f9c23d7869d0e6ad7f952d7", "tags": ["x_refsource_MISC"], "url": "https://github.com/junrar/junrar/commit/d77e9a83eb721cd51f9c23d7869d0e6ad7f952d7"}, {"name": "https://github.com/junrar/junrar/releases/tag/v7.5.10", "tags": ["x_refsource_MISC"], "url": "https://github.com/junrar/junrar/releases/tag/v7.5.10"}], "affected": [{"vendor": "junrar", "product": "junrar", "versions": [{"version": "< 7.5.10", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-20T15:15:24.540Z"}, "descriptions": [{"lang": "en", "value": "Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes the issue."}], "source": {"advisory": "GHSA-hf5p-q87m-crj7", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-20T16:34:57.979470Z", "id": "CVE-2026-41245", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:35:09.317Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41245", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-20T16:34:57.979470Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:35:04.276Z"}}], "cna": {"title": "Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix", "source": {"advisory": "GHSA-hf5p-q87m-crj7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "junrar", "product": "junrar", "versions": [{"status": "affected", "version": "< 7.5.10"}]}], "references": [{"url": "https://github.com/junrar/junrar/security/advisories/GHSA-hf5p-q87m-crj7", "name": "https://github.com/junrar/junrar/security/advisories/GHSA-hf5p-q87m-crj7", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/junrar/junrar/commit/d77e9a83eb721cd51f9c23d7869d0e6ad7f952d7", "name": "https://github.com/junrar/junrar/commit/d77e9a83eb721cd51f9c23d7869d0e6ad7f952d7", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/junrar/junrar/releases/tag/v7.5.10", "name": "https://github.com/junrar/junrar/releases/tag/v7.5.10", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-20T15:15:24.540Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41245", "state": "PUBLISHED", "dateUpdated": "2026-04-20T16:35:09.317Z", "dateReserved": "2026-04-18T03:47:03.135Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-20T15:15:24.540Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:junrar_project:junrar:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5AB4A5B-B3EA-49D2-97C2-E1D06590E098", "versionEndExcluding": "7.5.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes the issue."}], "id": "CVE-2026-41245", "lastModified": "2026-04-23T13:35:45.617", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-20T16:16:49.113", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/junrar/junrar/commit/d77e9a83eb721cd51f9c23d7869d0e6ad7f952d7"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/junrar/junrar/releases/tag/v7.5.10"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/junrar/junrar/security/advisories/GHSA-hf5p-q87m-crj7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "junrar: Junrar: Arbitrary file write via path traversal when extracting crafted RAR archives.", "id": "2459769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459769"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H", "status": "draft"}, "cwe": "CWE-22", "details": ["A flaw was found in Junrar, an open-source Java RAR archive library. A path traversal vulnerability in the `LocalFolderExtractor` allows a remote attacker to write arbitrary files with attacker-controlled content into sibling directories. This occurs when a specially crafted RAR archive is extracted, potentially leading to unauthorized file creation or modification outside the intended extraction path."], "mitigation": {"lang": "en:us", "value": "To mitigate this vulnerability, avoid processing RAR archives from untrusted sources. Restrict the extraction of RAR archives to only those originating from known and verified origins. This operational control reduces the risk of exploiting the path traversal flaw in Junrar by preventing the processing of malicious archives."}, "name": "CVE-2026-41245", "package_state": [{"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Affected", "package_name": "junrar", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "junrar", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "junrar", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}], "public_date": "2026-04-20T15:15:24Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-41245\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-41245\nhttps://github.com/junrar/junrar/commit/d77e9a83eb721cd51f9c23d7869d0e6ad7f952d7\nhttps://github.com/junrar/junrar/releases/tag/v7.5.10\nhttps://github.com/junrar/junrar/security/advisories/GHSA-hf5p-q87m-crj7"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.5.10)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "junrar", "source": "cna", "vendor": "junrar"}, "product": "junrar", "vendor": "junrar"}], "analysis": {"en": {"generated_at": "2026-04-20T18:39:45.351364+00:00", "value": {"mitigation_remediation": ["Upgrade the Junrar library to version 7.5.10 or later to eliminate the path traversal flaw", "Configure the extraction process to validate and sanitize file paths, rejecting any RAR entries that reference sibling directories or use relative paths outside the intended extraction directory", "Run the extraction operation in a sandboxed or restricted environment to limit the scope of any unauthorized file writes"], "summary": {"action": "Apply Patch", "impact": "Unauthorized file write"}, "threat_synthesis": {"affected_systems": "Affected systems include any Java application that incorporates junrar:junrar prior to version 7.5.10. Versions older than v7.5.10 are vulnerable. The issue is fixed in junrar 7.5.10 and later releases. The product is an open\u2011source RAR archive handling library used in projects that process compressed files.", "description_and_impact": "The vulnerability is a path traversal flaw, designated CWE-22, located in the LocalFolderExtractor component of the Junrar Java library. An attacker can construct a RAR archive that contains a file whose member name begins with a sibling directory prefix. When the archive is extracted, the library writes the file into the sibling directory, allowing the attacker to create or overwrite arbitrary files with attacker-controlled data. Because the content is fully under the attacker\u2019s control, the flaw can lead to unauthorized file writes, potentially overwriting existing files or placing new files where the application does not expect them.", "risk_and_exploitability": "The CVSS score of 5.9 classifies the vulnerability as medium severity, and there is no EPSS score indicating current exploitation probability. The flaw is not listed in the CISA KEV catalog. The most likely way to exploit the issue is by supplying a crafted RAR archive to an application that uses the vulnerable library, which is typically a local or vendor\u2011side operation. The impact is limited to the machine or container where extraction occurs, but can still result in unauthorized file creation or overwrite."}}}}, "created": "2026-04-20T16:30:06.097385+00:00", "updated": "2026-04-20T18:45:14.227681+00:00", "vendors": ["junrar", "junrar$PRODUCT$junrar"]}