CVE-2026-27117
Path Traversal Vulnerability in bit7z Archive Extraction Allows Arbitrary Write
Publication date: 2026-02-24
Last updated on: 2026-02-25
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rikyoz | bit7z | to 4.0.11 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-36 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory. |
| CWE-23 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in bit7z, a cross-platform C++ static library for archive compression and extraction, is a path traversal issue known as "Zip Slip." Prior to version 4.0.11, the library does not properly validate file paths in archive entries during extraction.
This flaw allows an attacker to craft malicious archive files that, when extracted, can write files outside the intended extraction directory by exploiting relative path traversal, absolute path traversal, or symbolic link traversal.
As a result, an attacker can cause arbitrary file writes with the privileges of the process performing the extraction, potentially overwriting application binaries, configuration files, or other sensitive data.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to arbitrary file writes on the system where the extraction occurs, using the privileges of the extracting process.
This can result in overwriting critical files such as application binaries or configuration files, which may cause application malfunction, unauthorized code execution, or system compromise.
Although the vulnerability does not directly allow reading of file contents, secondary confidentiality risks exist if the application serves or displays extracted files, especially if attacker-created symbolic links are involved.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate the bit7z path traversal vulnerability, you should upgrade to version 4.0.11 or later where the issue is fixed.
If upgrading is not immediately possible, validate each archive entry's destination path before writing to prevent files from being extracted outside the intended directory.
Other mitigation steps include running the extraction process with the least privilege necessary and extracting untrusted archives in a sandboxed directory.