ByteOS Network

junrar

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-41245

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-5.9||MEDIUM

EPSS-0.05% / 15.62%

7 Day CHG~0.00%

Published-20 Apr, 2026 | 15:15

Updated-23 Apr, 2026 | 13:35

Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix

Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes the issue.

Vendor-junrar_project junrar

Product-junrar junrar

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2026-28208

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-5.9||MEDIUM

EPSS-0.21% / 43.42%

7 Day CHG+0.01%

Published-26 Feb, 2026 | 22:20

Updated-02 Mar, 2026 | 21:16

Junrar has arbitrary file write due to backslash path traversal bypass in LocalFolderExtractor on Linux/Unix

Junrar is an open source java RAR archive library. Prior to version 7.5.8, a backslash path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content anywhere on the filesystem when a crafted RAR archive is extracted on Linux/Unix. This can often lead to remote code execution (e.g., overwriting shell profiles, source code, cron jobs, etc). Version 7.5.8 has a fix for the issue.

Vendor-junrar_project junrar

Product-junrar junrar

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')