CVE-2026-45384

CVSS v3.1

6.1

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-377CWE-59

Related Identifiers

CVE-2026-45384

Affected Products

Bit7Z

CVE-2026-45384

Weakness Enumeration

Related Identifiers

Affected Products

References · 3