Description

Junrar is an open source java RAR archive library. Prior to version 7.5.8, a backslash path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content anywhere on the filesystem when a crafted RAR archive is extracted on Linux/Unix. This can often lead to remote code execution (e.g., overwriting shell profiles, source code, cron jobs, etc). Version 7.5.8 has a fix for the issue.

INFO

Published Date :

2026-02-26T22:20:03.765Z

Last Modified :

2026-03-02T20:47:15.670Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-28208 vulnerability.

Vendors Products
Junrar
  • Junrar
Junrar Project
  • Junrar
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-28208.

URL Resource
https://github.com/junrar/junrar/commit/947ff1d33f00f940aa68ae2593500291d799d954 cve-icon cve-icon cve-icon
https://github.com/junrar/junrar/releases/tag/v7.5.8 cve-icon cve-icon cve-icon
https://github.com/junrar/junrar/security/advisories/GHSA-j273-m5qq-6825 cve-icon cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-28208 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-28208 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact