CVE-2026-28208

Name of the Vulnerable Software and Affected Versions Junrar versions prior to 7.5.8

Description Junrar is an open source java RAR archive library. A path traversal flaw exists in the LocalFolderExtractor component. When processing a specially crafted RAR archive on Linux/Unix systems, an attacker can write files to arbitrary locations on the filesystem. This can potentially lead to remote code execution through actions like overwriting system files such as shell profiles, source code, or scheduled tasks. The vulnerability is due to insufficient validation of file paths during extraction.

Recommendations Update Junrar to version 7.5.8 or later.