← Back

CVE-2026-43616

nvd nist
Published: May 4, 2026Modified: May 29, 2026

JSON object

Loading...
6.8
Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)

Description

Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive extraction to write files outside the intended extraction directory and achieve persistent code execution by overwriting user startup scripts.

Affected (1)

Horsicq
1 product
Detect It Easy
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Detect It Easy
Before 3.21

Related CWEs

CWE-23
Relative Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

References (7)

Source: disclosure@vulncheck.com
Patch
Source: disclosure@vulncheck.com
Patch
Source: disclosure@vulncheck.com
Release Notes
Source: disclosure@vulncheck.com
Product
Source: disclosure@vulncheck.com
Patch
Source: disclosure@vulncheck.com
Patch
Source: disclosure@vulncheck.com
Third Party Advisory

Timeline

No history available yet.