FKIE_CVE-2026-27117

Vulnerability from fkie_nvd - Published: 2026-02-24 22:16 - Updated: 2026-02-25 20:29
Summary
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.11, a path traversal vulnerability ("Zip Slip") exists in bit7z's archive extraction functionality. The library does not adequately validate file paths contained in archive entries, allowing files to be written outside the intended extraction directory through three distinct mechanisms: relative path traversal, absolute path traversal, and symbolic link traversal. An attacker can exploit this by providing a malicious archive to any application that uses bit7z to extract untrusted archives. Successful exploitation results in arbitrary file write with the privileges of the process performing the extraction. This could lead to overwriting of application binaries, configuration files, or other sensitive data. The vulnerability does not directly enable reading of file contents; the confidentiality impact is limited to the calling application's own behavior after extraction. However, applications that subsequently serve or display extracted files may face secondary confidentiality risks from attacker-created symlinks. Fixes have been released in version 4.0.11. If upgrading is not immediately possible, users can mitigate the vulnerability by validating each entry's destination path before writing. Other mitigations include running extraction with least privilege and extracting untrusted archives in a sandboxed directory.
Impacted products
Vendor Product Version
rikyoz bit7z *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rikyoz:bit7z:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "495AC7B7-7FAB-4BFA-BE04-58BD0C15D76C",
              "versionEndExcluding": "4.0.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.11, a path traversal vulnerability (\"Zip Slip\") exists in bit7z\u0027s archive extraction functionality. The library does not adequately validate file paths contained in archive entries, allowing files to be written outside the intended extraction directory through three distinct mechanisms: relative path traversal, absolute path traversal, and symbolic link traversal. An attacker can exploit this by providing a malicious archive to any application that uses bit7z to extract untrusted archives. Successful exploitation results in arbitrary file write with the privileges of the process performing the extraction. This could lead to overwriting of application binaries, configuration files, or other sensitive data. The vulnerability does not directly enable reading of file contents; the confidentiality impact is limited to the calling application\u0027s own behavior after extraction. However, applications that subsequently serve or display extracted files may face secondary confidentiality risks from attacker-created symlinks. Fixes have been released in version 4.0.11. If upgrading is not immediately possible, users can mitigate the vulnerability by validating each entry\u0027s destination path before writing. Other mitigations include running extraction with least privilege and extracting untrusted archives in a sandboxed directory."
    },
    {
      "lang": "es",
      "value": "bit7z es una librer\u00eda est\u00e1tica de C++ multiplataforma que permite la compresi\u00f3n/extracci\u00f3n de archivos de archivo. Antes de la versi\u00f3n 4.0.11, existe una vulnerabilidad de salto de ruta (\u0027Zip Slip\u0027) en la funcionalidad de extracci\u00f3n de archivos de bit7z. La librer\u00eda no valida adecuadamente las rutas de archivo contenidas en las entradas del archivo, permitiendo que los archivos se escriban fuera del directorio de extracci\u00f3n previsto a trav\u00e9s de tres mecanismos distintos: salto de ruta relativo, salto de ruta absoluto y salto de enlace simb\u00f3lico. Un atacante puede explotar esto proporcionando un archivo malicioso a cualquier aplicaci\u00f3n que utilice bit7z para extraer archivos no confiables. Si se explota con \u00e9xito se logra la escritura arbitraria de archivos con los privilegios del proceso que realiza la extracci\u00f3n. Esto podr\u00eda llevar a la sobrescritura de binarios de aplicaciones, archivos de configuraci\u00f3n u otros datos sensibles. La vulnerabilidad no permite directamente la lectura del contenido de los archivos; el impacto en la confidencialidad se limita al propio comportamiento de la aplicaci\u00f3n llamante despu\u00e9s de la extracci\u00f3n. Sin embargo, las aplicaciones que posteriormente sirven o muestran archivos extra\u00eddos pueden enfrentar riesgos secundarios de confidencialidad debido a enlaces simb\u00f3licos creados por el atacante. Se han lanzado correcciones en la versi\u00f3n 4.0.11. Si no es posible actualizar de inmediato, los usuarios pueden mitigar la vulnerabilidad validando la ruta de destino de cada entrada antes de escribir. Otras mitigaciones incluyen ejecutar la extracci\u00f3n con m\u00ednimo privilegio y extraer archivos no confiables en un directorio aislado (sandboxed)."
    }
  ],
  "id": "CVE-2026-27117",
  "lastModified": "2026-02-25T20:29:27.743",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-02-24T22:16:32.053",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/rikyoz/bit7z/commit/31763da9a3e41a199c141c8d71f6c11de24b45cf"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/rikyoz/bit7z/commit/9e020483eefa5825ec9310b1d869933d4f77f969"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/rikyoz/bit7z/releases/tag/v4.0.11"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/rikyoz/bit7z/security/advisories/GHSA-qvjh-hhw4-3gx9"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        },
        {
          "lang": "en",
          "value": "CWE-23"
        },
        {
          "lang": "en",
          "value": "CWE-36"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

