PT-2026-31461 · Unknown · The Sleuth Kit

Mobasi · Published 2026-04-08 · Updated 2026-04-17 · CVE-2026-40024

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

The Sleuth Kit versions through 4.14.0

Description

The Sleuth Kit's tsk_recover component contains a path traversal flaw. Crafted filenames or directory paths inside a filesystem image that include path traversal sequences, such as embedded '/../' sequences, cause tsk_recover to write files outside the intended recovery (output) directory when it processes the image. This can potentially lead to code execution when the files written overwrite system files such as shell configurations or cron entries.

Recommendations

Update The Sleuth Kit to a version later than 4.14.0.
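
The class of check that prevents this kind of write, shown as an added example (not The Sleuth Kit's code or its actual fix): every name read from the image is split into components and any ".." is rejected before the path is joined to the output directory. The function name `confine_path`, the output directory `recovered` and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not The Sleuth Kit's code): join an untrusted path
 * read from a filesystem image onto out_dir. Returns 0 with the result in
 * dst, or -1 if the path contains ".." or does not fit. String check only;
 * symlinks already present under out_dir are out of scope. */
int confine_path(const char *out_dir, const char *img_path,
                 char *dst, size_t dst_len)
{
    size_t base = strlen(out_dir);
    if (base == 0 || base >= dst_len)
        return -1;
    memcpy(dst, out_dir, base + 1);
    size_t len = base;                   /* dst only ever grows past base */

    for (const char *p = img_path; *p; ) {
        while (*p == '/') p++;           /* leading '/' becomes relative */
        size_t n = strcspn(p, "/");      /* length of next component */
        if (n == 0)
            break;
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return -1;                   /* reject, never resolve ".." */
        if (!(n == 1 && p[0] == '.')) {  /* "." adds nothing */
            if (len + 1 + n >= dst_len)
                return -1;
            dst[len++] = '/';
            memcpy(dst + len, p, n);
            len += n;
            dst[len] = '\0';
        }
        p += n;
    }
    return len > base ? 0 : -1;          /* empty path is not a file */
}

int main(void)
{
    /* Constructed sample names, not taken from a real image. */
    const char *names[] = { "docs/report.txt", "/etc/cron.d/job", "a/./b//c",
                            "docs/../../../home/user/.bashrc", ".." };
    char out[256];
    for (size_t i = 0; i < sizeof names / sizeof *names; i++)
        if (confine_path("recovered", names[i], out, sizeof out) == 0)
            printf("write  %s\n", out);
        else
            printf("reject %s\n", names[i]);
    return 0;
}
```

On a -1 return the contents of `dst` are partial and must not be used as a path.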

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-40024
OESA-2026-1934
OESA-2026-1935
OESA-2026-1936
OESA-2026-1937
OESA-2026-1938
OESA-2026-1939

Affected Products

The Sleuth Kit