CVE-2026-41245

EUVD-2026-23872 MEDIUM

2026-04-20 GitHub_M

Path Traversal Java

5.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Apr 20, 2026 - 16:23 vuln.today

patch_available

Apr 20, 2026 - 16:01 EUVD

DescriptionNVD

Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in LocalFolderExtractor allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes the issue.

AnalysisAI

Path traversal in Junrar library versions prior to 7.5.10 allows remote attackers to write arbitrary files into sibling directories by extracting a crafted RAR archive, enabling unauthorized file creation and potential code injection. The vulnerability requires high attack complexity (AC:H) but no authentication or user interaction, affecting any Java application using vulnerable Junrar versions to process untrusted RAR files. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-41245 vulnerability details – vuln.today

Back

CVE-2026-41245

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code