CVE-2026-4741
Path Traversal in JoyConDroid UnzipUtil Allows Unauthorized Access
Publication date: 2026-03-24
Last updated on: 2026-03-24
Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| teamjcd | joycondroid | < 1.0.93 (up to 1.0.93, exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4741 is a Path Traversal vulnerability (also known as Zip Slip) found in the UnzipUtil component of the JoyConDroid project. This vulnerability allows attackers to craft malicious zip archives that, when extracted, can write files outside the intended extraction directory. This improper limitation of pathname enables an attacker to overwrite arbitrary files on the system, potentially leading to security breaches.
How can this vulnerability impact me?
This vulnerability can have serious impacts including arbitrary file overwrite outside the intended directory. An attacker exploiting this flaw could overwrite critical system or application files, leading to unauthorized code execution, data corruption, or system compromise. This can result in loss of data integrity, unauthorized access, and potential control over the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a path traversal issue in the UnzipUtil component of JoyConDroid, where malicious zip archives can write files outside the intended extraction directory.

To detect exploitation attempts on your system, you can monitor for unexpected file writes outside of designated extraction directories, especially following unzip operations related to JoyConDroid.

Suggested commands include:

- Use file system monitoring tools (e.g., inotifywait on Linux) to watch for file creations or modifications outside expected directories.
- Search for recently extracted files with suspicious paths using commands like: `find /path/to/extraction -type f -exec ls -l {} +`
- Check unzip logs or JoyConDroid logs for errors or exceptions related to path traversal or extraction failures.
- Use grep to find suspicious zip entries in archives before extraction, e.g.: `unzip -l suspicious.zip | grep '\.\./'`

[1]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to update JoyConDroid to a version later than 1.0.93 where the vulnerability has been fixed.
The fix includes path normalization and validation to ensure extracted files remain within the intended directory, improved resource management, and enhanced error handling to prevent exploitation.
Until an update is applied, avoid extracting untrusted zip archives with JoyConDroid, or manually inspect zip contents for path traversal patterns before extraction.
Additionally, consider restricting permissions of the extraction directory to limit potential damage from malicious file writes.
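The following Python is an added example, not JoyConDroid's UnzipUtil code and not the project's fix; it illustrates the two answers above together: the pre-extraction scan for entries that would escape the destination (the detection answer) and an extraction routine that normalizes each entry path and refuses any that resolves outside the intended directory (the mitigation answer). The sample archive is constructed in memory with one benign entry and two traversal-style entries; the entry names, helper names and the `demo` function are this example's own assumptions.

```python
"""Zip Slip (CWE-22) detection and safe extraction, added as an illustration.

Builds a constructed in-memory archive, lists the entries that would land
outside the destination, and extracts only the entries that stay inside it.
"""
import io
import tempfile
import zipfile
from pathlib import Path


def resolves_inside(dest: Path, name: str) -> bool:
    """True if archive entry `name` lands inside `dest` after normalization."""
    norm = name.replace("\\", "/")        # treat backslash as a separator too
    if norm.startswith("/"):              # absolute entry: never acceptable
        return False
    root = dest.resolve()                 # resolve symlinks in the destination
    target = (root / norm).resolve()      # collapses '.' and '..' components
    return target.is_relative_to(root)    # equal to root or strictly below it


def unsafe_entries(archive: zipfile.ZipFile, dest: Path) -> list[str]:
    """Detection: entries that would escape `dest` (a stricter form of grep '\\.\\./')."""
    return [n for n in archive.namelist() if not resolves_inside(dest, n)]


def safe_extract(archive: zipfile.ZipFile, dest: Path) -> list[str]:
    """Mitigation: write only entries that stay inside `dest`; skip all others."""
    written = []
    dest.mkdir(parents=True, exist_ok=True)
    for info in archive.infolist():
        name = info.filename.replace("\\", "/")
        if not resolves_inside(dest, name):
            continue                      # traversal entry: written nowhere
        target = (dest.resolve() / name).resolve()
        if info.is_dir():
            target.mkdir(parents=True, exist_ok=True)
            continue
        target.parent.mkdir(parents=True, exist_ok=True)
        with archive.open(info) as src, open(target, "wb") as dst:
            dst.write(src.read())
        written.append(info.filename)
    return written


def build_sample_archive() -> bytes:
    """Constructed sample archive (not a real-world artifact): one benign entry, two traversal entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config/profile.json", '{"layout": "default"}')
        zf.writestr("../../escaped.txt", "would be written outside the extraction dir")
        zf.writestr("/etc/absolute.txt", "absolute path entry")
    return buf.getvalue()


def demo() -> dict:
    """Scan and safely extract the sample archive into a temp dir; report the outcome."""
    data = build_sample_archive()
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp) / "extract"
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            flagged = unsafe_entries(zf, dest)
            written = safe_extract(zf, dest)
        # Everything that actually landed on disk under the temp dir.
        on_disk = sorted(str(p.relative_to(tmp)) for p in Path(tmp).rglob("*") if p.is_file())
    return {"flagged": flagged, "written": written, "on_disk": on_disk}


if __name__ == "__main__":
    print(demo())
```

The check compares fully resolved paths rather than looking for the literal `../` substring, so it also catches absolute entries and `..` segments hidden behind other components; the same comparison (canonical destination prefix against canonical target) is what a Java `UnzipUtil` would perform with `File.getCanonicalPath()`.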