CVE-2026-41245

Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix

Description

Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes the issue.

INFO

Published Date :

2026-04-20T15:15:24.540Z

Last Modified :

2026-04-20T16:35:09.317Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-41245 vulnerability.

Vendors	Products
Junrar	Junrar
Junrar Project	Junrar

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-41245.

URL	Resource
https://github.com/junrar/junrar/commit/d77e9a83eb721cd51f9c23d7869d0e6ad7f952d7
https://github.com/junrar/junrar/releases/tag/v7.5.10
https://github.com/junrar/junrar/security/advisories/GHSA-hf5p-q87m-crj7
https://nvd.nist.gov/vuln/detail/CVE-2026-41245
https://www.cve.org/CVERecord?id=CVE-2026-41245

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact