CVE-2026-45384
Received Received - Intake
Arbitrary File Overwrite in bit7z via Symlink Attack

Publication date: 2026-06-10

Last updated on: 2026-06-11

Assigner: GitHub, Inc.

Description
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-10
Last Modified
2026-06-11
Generated
2026-06-11
AI Q&A
2026-06-11
EPSS Evaluated
N/A
NVD
CVE-2026-45384
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bit7z bit7z to 4.0.12 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-377 Creating and using insecure temporary files can leave application and system data vulnerable to attack.
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in bit7z, a cross-platform C++ static library for compressing and extracting archive files, is an arbitrary file overwrite issue. It occurs via a symlink attack on predictable temporary files during the archive update process. This means an attacker could potentially overwrite files they should not have access to by exploiting the way temporary files are handled.

Compliance Impact

The vulnerability in bit7z allows arbitrary file overwrite via a symlink attack on predictable temporary files during archive update. This could potentially lead to unauthorized modification of files, which may impact data integrity.

However, there is no direct information provided about how this vulnerability specifically affects compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can lead to unauthorized modification of files due to arbitrary file overwrite. An attacker with local access and low privileges could exploit this to alter important files, potentially causing data integrity issues or system instability.

Mitigation Strategies

To mitigate this vulnerability, you should update bit7z to version 4.0.12 or later, as this version contains the patch that fixes the arbitrary file overwrite vulnerability via symlink attack.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45384. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart