Skip to main content

Red Hat CVE-2026-40024

| EUVDEUVD-2026-20759 HIGH
Path Traversal (CWE-22)
2026-04-08 VulnCheck GHSA-995r-jc2c-558w
8.4
CVSS 4.0 · NVD
Temporal: 7.1
Share

Severity by source

NVD PRIMARY
8.4 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CIRCL (temporal)
7.1 HIGH
cvss
SUSE
7.1 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Red Hat
7.9 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

5
Re-analysis Queued
Apr 15, 2026 - 21:07 vuln.today
cvss_changed
EUVD ID Assigned
Apr 08, 2026 - 22:01 euvd
EUVD-2026-20759
Analysis Generated
Apr 08, 2026 - 22:01 vuln.today
Patch released
Apr 08, 2026 - 22:01 nvd
Patch available
CVE Published
Apr 08, 2026 - 21:35 nvd
HIGH 8.4

DescriptionCVE.org

The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can craft a malicious filesystem image with embedded /../ sequences in filenames that, when processed by tsk_recover, writes files outside the output directory, potentially achieving code execution by overwriting shell configuration or cron entries.

AnalysisAI

Path traversal in The Sleuth Kit (tsk_recover) through version 4.14.0 allows local attackers to write files outside intended recovery directories via malicious filesystem images. Crafted filenames with ../ sequences in processed disk images can overwrite arbitrary files, enabling potential code execution through shell configuration or cron file manipulation. Exploitation requires user interaction (processing attacker-supplied filesystem image). No public exploit identified at time of analysis.

Technical ContextAI

CWE-22 path traversal vulnerability in tsk_recover utility fails to sanitize directory traversal sequences embedded within filesystem metadata. When parsing crafted images containing /../ patterns in file/directory names, the tool performs unsafe path concatenation, writing recovered files to unvalidated locations on host filesystem. CVSS vector indicates local access with required user interaction (UI:P) and unauthenticated context (PR:N).

RemediationAI

Vendor-released patch: upstream fix available via GitHub commit a3f96b3bc36a8bb1a00c297f77110d4a6e7dd31b; released patched version not independently confirmed. Apply commit patch from https://github.com/sleuthkit/sleuthkit/commit/a3f96b3bc36a8bb1a00c297f77110d4a6e7dd31b or monitor vendor for packaged release. Workaround: Restrict tsk_recover processing to trusted filesystem images only, operate tool within isolated sandbox environments with constrained write permissions, and validate recovery output paths do not traverse parent directories. Review VulnCheck advisory at https://www.vulncheck.com/advisories/sleuth-kit-tsk-recover-path-traversal for additional guidance.

Vendor StatusVendor

SUSE

Severity: High

Share

CVE-2026-40024 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy