CVE-2026-26157

{"id": "CVE-2026-26157", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2026-02-11T21:16:21.400", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:13831", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2026-26157", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439039", "source": "secalert@redhat.com"}, {"url": "https://git.busybox.net/busybox/commit/archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb", "source": "secalert@redhat.com"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-73"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en BusyBox. La sanitizaci\u00f3n incompleta de rutas en sus utilidades de extracci\u00f3n de archivos permite a un atacante crear archivos maliciosos que, al ser extra\u00eddos y bajo condiciones espec\u00edficas, pueden escribir en archivos fuera del directorio previsto. Esto puede llevar a una sobrescritura arbitraria de archivos, lo que podr\u00eda permitir la ejecuci\u00f3n de c\u00f3digo mediante la modificaci\u00f3n de archivos de sistema sensibles."}], "lastModified": "2026-06-02T14:16:49.930", "sourceIdentifier": "secalert@redhat.com"}