216.73.216.89

CVE-2026-26157

· Published 11/02/2026 21:16 · Modified 11/02/2026 21:16

Labels: CVE-2026-26157 2026-02-11CVE-2026-26157CWE-73[email protected]

Essential information

Published
11/02/2026 21:16
Modified
11/02/2026 21:16
Author
Creator
CVSS
7.0 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
busybox / busybox cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*

References