cvedb.io
CVE-2026-27117
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2026-02-24T22:16:32.053 · Last modified 2026-06-17T10:26:41.840

Summary

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.11, a path traversal vulnerability ("Zip Slip") exists in bit7z's archive extraction functionality. The library does not adequately validate file paths contained in archive entries, allowing files to be written outside the intended extraction directory through three distinct mechanisms: relative path traversal, absolute path traversal, and symbolic link traversal. An attacker can exploit this by providing a malicious archive to any application that uses bit7z to extract untrusted archives. Successful exploitation results in arbitrary file write with the privileges of the process performing the extraction. This could lead to overwriting of application binaries, configur
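The three mechanisms named above (relative, absolute and symbolic-link traversal) are what an extractor has to reject before writing any entry. The following is an added example of such a pre-write check, written here for illustration; it is not bit7z's own code or its fix, and the names `check_entry`, `EntryVerdict` and `SymlinkProbe` are assumptions. The symlink probe is injectable so the logic can be exercised without touching the real filesystem.

```cpp
// Added example (not bit7z code): validate an archive entry name before
// writing it under the extraction root. Covers the three traversal
// mechanisms from the advisory. All identifiers here are assumed names.
#include <algorithm>
#include <filesystem>
#include <functional>
#include <string>
#include <system_error>

namespace fs = std::filesystem;

enum class EntryVerdict { Ok, AbsolutePath, RelativeTraversal, SymlinkTraversal };

// Answers "is this path (if it exists) a symbolic link?". Injectable so the
// checks can be tested with a fake filesystem view.
using SymlinkProbe = std::function<bool(const fs::path&)>;

inline bool default_symlink_probe(const fs::path& p) {
    std::error_code ec;  // a missing path is simply "not a symlink"
    return fs::is_symlink(fs::symlink_status(p, ec));
}

// Decides whether `entry_name` (as stored in the archive) may be written
// under `dest_root`. On Ok, `out` receives the final output path.
inline EntryVerdict check_entry(const fs::path& dest_root,
                                const std::string& entry_name,
                                fs::path& out,
                                const SymlinkProbe& is_symlink = default_symlink_probe) {
    // Treat backslashes as separators even on POSIX hosts, so an entry such
    // as "..\\x" cannot slip past the component checks below.
    std::string name = entry_name;
    std::replace(name.begin(), name.end(), '\\', '/');
    fs::path entry(name);

    // 1. Absolute traversal: "/etc/passwd", "C:/x", "//server/share".
    if (entry.is_absolute() || entry.has_root_name() || entry.has_root_directory())
        return EntryVerdict::AbsolutePath;

    // 2. Relative traversal: collapse "." and "..", then any ".." that
    //    survives means the entry climbs above the root ("a/../../x" -> "../x").
    fs::path normal = entry.lexically_normal();
    if (normal.empty() || normal == ".")  // resolves to the root itself
        return EntryVerdict::RelativeTraversal;
    for (const auto& comp : normal)
        if (comp == "..") return EntryVerdict::RelativeTraversal;

    // 3. Symlink traversal: walk every component beneath the root; if an
    //    existing one is a symlink (e.g. planted by an earlier entry), a
    //    write through it would land outside the root.
    fs::path current = dest_root;
    for (const auto& comp : normal) {
        if (comp.empty()) continue;  // trailing "/" yields an empty component
        current /= comp;
        if (is_symlink(current)) return EntryVerdict::SymlinkTraversal;
    }
    out = current;
    return EntryVerdict::Ok;
}
```

An extractor would call `check_entry` for each entry and skip or abort on anything other than `Ok`; the symlink walk must run at write time, not in a separate pre-scan, because an earlier entry in the same archive can create the link.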

Affected products

rikyoz — bit7z


This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.