216.73.217.64

CVE-2026-40029

· Published 08/04/2026 22:16 · Modified 08/04/2026 22:16

Labels: CVE-2026-40029 2026-04-08CVE-2026-40029CWE-78[email protected]

Essential information

Published
08/04/2026 22:16
Modified
08/04/2026 22:16
Author
Creator
CVSS
8.5 HIGH (v3) 8.5 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsanitized into an os.popen() shell command, allowing arbitrary command execution via crafted .lnk filenames containing shell metacharacters. An attacker can craft a .lnk filename with embedded shell metacharacters that execute arbitrary commands on the forensic examiner's machine during USB artifact parsing.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
parseusbs / parseusbs cpe:2.3:a:parseusbs:parseusbs:*:*:*:*:*:*:*:*

References