CVE-2026-43616

Name of the Vulnerable Software and Affected Versions Detect-It-Easy versions prior to 3.21

Description Insufficient path normalization during archive extraction allows attackers to write arbitrary files to the filesystem. By crafting malicious archive entries using absolute paths or relative traversal sequences, an attacker can write files outside the intended extraction directory. This can lead to persistent code execution if user startup scripts are overwritten.

Recommendations Update to version 3.21 or later.