CVE-2026-40024
Received Received - Intake
Path Traversal in Sleuth Kit tsk_recover Enables Code Execution

Publication date: 2026-04-08

Last updated on: 2026-04-15

Assigner: VulnCheck

Description
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can craft a malicious filesystem image with embedded /../ sequences in filenames that, when processed by tsk_recover, writes files outside the output directory, potentially achieving code execution by overwriting shell configuration or cron entries.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-08
Last Modified
2026-04-15
Generated
2026-06-16
AI Q&A
2026-04-09
EPSS Evaluated
2026-06-15
NVD
CVE-2026-40024
EUVD
EUVD-2026-20759
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sleuthkit the_sleuth_kit to 4.15.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in The Sleuth Kit through version 4.14.0, specifically in the tsk_recover tool. It is a path traversal vulnerability that allows an attacker to write files to arbitrary locations outside the intended recovery directory.

This happens because an attacker can craft a malicious filesystem image containing filenames or directory paths with path traversal sequences (such as /../). When tsk_recover processes this image, it writes files outside the designated output directory.

By exploiting this, an attacker could potentially overwrite important files like shell configuration files or cron entries, which might lead to code execution.

Impact Analysis

This vulnerability can have serious impacts including unauthorized file writes outside the intended directory, which can lead to overwriting critical system files.

Such overwrites could allow an attacker to execute arbitrary code by modifying shell configuration or scheduled tasks (cron entries), potentially compromising the affected system.

Compliance Impact

The vulnerability in Sleuth Kit's tsk_recover allows an attacker to write files to arbitrary locations outside the intended recovery directory, potentially leading to code execution by overwriting critical system files. This unauthorized file manipulation and potential code execution could result in unauthorized access or modification of sensitive data.

Such unauthorized access and data manipulation could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls over data integrity, confidentiality, and system security.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40024. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart