216.73.217.64

CVE-2026-40024

· Published 08/04/2026 22:16 · Modified 08/04/2026 22:16

Labels: CVE-2026-40024 2026-04-08CVE-2026-40024CWE-22[email protected]

Essential information

Published
08/04/2026 22:16
Modified
08/04/2026 22:16
Author
Creator
CVSS
8.4 HIGH (v3) 8.4 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can craft a malicious filesystem image with embedded /../ sequences in filenames that, when processed by tsk_recover, writes files outside the output directory, potentially achieving code execution by overwriting shell configuration or cron entries.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
sleuthkit / sleuthkit cpe:2.3:a:sleuthkit:sleuthkit:<4.14.0:*:*:*:*:*:*:*

References