LeakyCreds

CVE-2026-27117 - Vulnerability Analysis

Medium, CVSS: 5.5

Last Updated: February 25, 2026

bit7z - Path Traversal

Published: February 24, 2026 | Updated: February 25, 2026 | PoC Available

Overview

bit7z versions before 4.0.11 contain a path traversal vulnerability caused by inadequate validation of archive entry file paths, which lets attackers write files outside the extraction directory. Exploitation requires malicious archive input.

Severity & Score

Severity: Medium
CVSS Score: 5.5

Impact

Attackers can write arbitrary files with process privileges, potentially overwriting binaries or sensitive data, leading to system compromise or data loss.

Mitigation

Upgrade to version 4.0.11 or later.
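
The entry-path validation that the overview describes as inadequate can be sketched as a lexical check that callers run on each archive entry name before extraction. This is an added example, not bit7z's code or its 4.0.11 fix; `classify_entry`, `EntryVerdict` and the sample names are hypothetical, and the check assumes entry names may use either `/` or `\` as a separator.

```cpp
#include <iostream>
#include <string>

// Added example (hypothetical helper, not part of bit7z).
// Lexical check only: it does not resolve symlinks already present
// in the extraction directory.
enum class EntryVerdict { Safe, Absolute, Escapes, Empty };

EntryVerdict classify_entry(const std::string& name) {
    if (name.empty()) return EntryVerdict::Empty;
    // Rooted names: "/x", "\x", UNC "\\host\share".
    if (name[0] == '/' || name[0] == '\\') return EntryVerdict::Absolute;
    // Drive-qualified names such as "C:\x". Conservative: any name with
    // ':' as its second character is refused.
    if (name.size() >= 2 && name[1] == ':') return EntryVerdict::Absolute;

    int depth = 0;  // directory levels below the extraction root
    std::size_t start = 0;
    while (start <= name.size()) {
        std::size_t end = name.find_first_of("/\\", start);
        if (end == std::string::npos) end = name.size();
        const std::string part = name.substr(start, end - start);
        if (part == "..") {
            // Climbing above the extraction root at any point is refused,
            // even if later components would descend again.
            if (--depth < 0) return EntryVerdict::Escapes;
        } else if (!part.empty() && part != ".") {
            ++depth;
        }
        start = end + 1;
    }
    return EntryVerdict::Safe;
}

int main() {
    // Constructed entry names, as an archive listing might present them.
    const char* samples[] = {"docs/readme.txt", "a/../b.txt",
                             "../../etc/cron.d/job", "..\\..\\x.dll",
                             "/etc/passwd", "C:\\Temp\\x"};
    for (const char* s : samples) {
        const bool ok = classify_entry(s) == EntryVerdict::Safe;
        std::cout << (ok ? "extract  " : "refuse   ") << s << "\n";
    }
    return 0;
}
```

Refusing the whole archive when any entry is not `Safe` is the stricter policy; skipping only the offending entries still leaves a partially extracted tree.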

Details

CVE ID: CVE-2026-27117
Severity: Medium
CVSS Score: 5.5
Type: path_traversal
Status: confirmed

CWE

  • CWE-22

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N