CVE-2026-43616

Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive extraction to write files outside the intended extraction directory and achieve persistent code execution by overwriting user startup scripts.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/horsicq/DIE-engine/commit/7fd300b926daf19707b2a36f0abe8b60a51308ee	Patch
https://github.com/horsicq/DIE-engine/commit/cbbe1688e58ffd430d284bf65f336973f083db69	Patch
https://github.com/horsicq/DIE-engine/releases/tag/3.21	Release Notes
https://github.com/horsicq/Detect-It-Easy	Product
https://github.com/horsicq/Formats/commit/56cdf50ee3c72c56284e2819b23e98332842d259	Patch
https://github.com/horsicq/XArchive/commit/6a2aa84c2fd120b704f76bb5c5ee3e9b5a7a0fcc	Patch
https://www.vulncheck.com/advisories/detect-it-easy-path-traversal-arbitrary-file-write	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:horsicq:detect-it-easy:*:*:*:*:*:*:*:*

History

29 May 2026, 14:01

Type	Values Removed	Values Added
CPE		cpe:2.3:a:horsicq:detect-it-easy::::::::
References	~~() https://github.com/horsicq/DIE-engine/commit/7fd300b926daf19707b2a36f0abe8b60a51308ee -~~	() https://github.com/horsicq/DIE-engine/commit/7fd300b926daf19707b2a36f0abe8b60a51308ee - Patch
References	~~() https://github.com/horsicq/DIE-engine/commit/cbbe1688e58ffd430d284bf65f336973f083db69 -~~	() https://github.com/horsicq/DIE-engine/commit/cbbe1688e58ffd430d284bf65f336973f083db69 - Patch
References	~~() https://github.com/horsicq/DIE-engine/releases/tag/3.21 -~~	() https://github.com/horsicq/DIE-engine/releases/tag/3.21 - Release Notes
References	~~() https://github.com/horsicq/Detect-It-Easy -~~	() https://github.com/horsicq/Detect-It-Easy - Product
References	~~() https://github.com/horsicq/Formats/commit/56cdf50ee3c72c56284e2819b23e98332842d259 -~~	() https://github.com/horsicq/Formats/commit/56cdf50ee3c72c56284e2819b23e98332842d259 - Patch
References	~~() https://github.com/horsicq/XArchive/commit/6a2aa84c2fd120b704f76bb5c5ee3e9b5a7a0fcc -~~	() https://github.com/horsicq/XArchive/commit/6a2aa84c2fd120b704f76bb5c5ee3e9b5a7a0fcc - Patch
References	~~() https://www.vulncheck.com/advisories/detect-it-easy-path-traversal-arbitrary-file-write -~~	() https://www.vulncheck.com/advisories/detect-it-easy-path-traversal-arbitrary-file-write - Third Party Advisory
First Time		Horsicq detect-it-easy Horsicq

04 May 2026, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-04 18:16

Updated : 2026-05-29 14:01

NVD link : CVE-2026-43616

Mitre link : CVE-2026-43616

CVE.ORG link : CVE-2026-43616

JSON object : View

Products Affected

horsicq

detect-it-easy

CWE

CWE-23

Relative Path Traversal

7.1 /10