CVE-2026-41530

Name of the Vulnerable Software and Affected Versions Lhaz (affected versions not specified) Lhaz+ (affected versions not specified)

Description The automatic folder creation feature in Lhaz and Lhaz+ contains a path traversal issue. Path traversal is a flaw that allows files to be written or read from locations outside the intended directory. When this feature is enabled, extracting an archive with a specially crafted file name can cause files to be extracted to an unexpected folder.

Recommendations As a temporary workaround, disable the automatic folder creation feature. At the moment, there is no information about a newer version that contains a fix for this vulnerability.