CVE-2026-50877
Directory Traversal in Zhoros SuperBin

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: MITRE

Description
An issue in Zhoros SuperBin v1.0.0 allows attackers to perform directory traversal by supplying files with names containing traversal characters.
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-06-16
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE

Vendor   Product   Version / Range
zhoros   superbin  1.0.0
Compliance Impact

The vulnerability in Zhoros SuperBin v1.0.0 allows attackers to create ZIP archives with entries that can write files outside the intended extraction directory on Windows systems. This arbitrary file placement could lead to unauthorized data exposure or modification during file extraction.

While the server-side storage is not directly compromised, the risk during extraction could impact data integrity and confidentiality, which are critical aspects of compliance with standards like GDPR and HIPAA.

Therefore, organizations using affected versions of SuperBin should consider this vulnerability when assessing their compliance posture, especially if they handle sensitive personal or health data and rely on Windows-style ZIP extraction workflows.

Executive Summary

CVE-2026-50877 affects Zhoros SuperBin version 1.0.0 and involves a directory traversal vulnerability through attacker-supplied filenames in multipart file uploads.

Specifically, when creating ZIP archives for multiple-file downloads, filenames containing backslash traversal sequences (like ..\..\poc.txt) are preserved in the ZIP entries.

On Unix-like systems, forward slashes are stripped from filenames, but backslashes remain, which leads to malicious path traversal strings persisting in the ZIP archive.

When such a ZIP archive is extracted on Windows systems, where backslashes are interpreted as directory separators, this can cause files to be written outside the intended extraction directory.

Impact Analysis

The vulnerability can lead to arbitrary file placement on Windows systems when users extract the malicious ZIP archive.

This means an attacker can cause files to be written outside the intended directory, potentially overwriting or creating files in sensitive locations.

While the server-side storage is not directly compromised, the risk arises during extraction on client or user systems using Windows-style extraction tools.

Detection Guidance

This vulnerability can be detected by inspecting ZIP archives generated by SuperBin v1.0.0 for entries containing backslash-based directory traversal sequences such as "..\..\" in filenames.

On a system where ZIP files are created, you can list the contents of a ZIP archive and look for suspicious filenames with backslashes or traversal patterns.

For example, using the unzip command on Unix-like systems to list ZIP contents:

  • unzip -l suspicious_archive.zip

Then manually check for entries with backslash characters or traversal sequences like "..\" in the filenames.

Alternatively, you can use grep to search for backslash characters in the ZIP file entries:

  • unzip -Z1 suspicious_archive.zip | grep '\\'

If such entries are found, the archive was produced by the vulnerable code path and should not be extracted with a tool that treats backslashes as directory separators.

Mitigation Strategies

To mitigate this vulnerability, avoid extracting ZIP archives generated by SuperBin v1.0.0 on Windows systems using Windows-style extraction tools that interpret backslashes as directory separators.

As an immediate step, validate and sanitize filenames before creating ZIP entries to remove or neutralize backslash traversal sequences.

If you are a user or administrator, consider using extraction tools that do not interpret backslashes as directory separators or that safely handle path traversal attempts.

Additionally, restrict or monitor uploads to SuperBin to prevent attacker-supplied filenames containing traversal characters.
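The detection check above and the filename sanitization recommended here, as one added Python example (not SuperBin's code or the record's own tooling). It builds an in-memory archive from a constructed upload set that includes the advisory's "..\..\poc.txt" name, flags entries a Windows-style extractor could misplace, and shows the hardened path where names are sanitized before they become ZIP entries. Function names and the sample data are assumptions for illustration.

```python
import io
import zipfile


def find_traversal_entries(zip_bytes: bytes) -> list[str]:
    """Return stored entry names that could escape the extraction directory
    on a Windows-style extractor (backslash separators, '..' components)."""
    suspicious = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            # Treat '\' as a separator, as Windows extractors do, then inspect
            # every component rather than only the start of the string.
            parts = name.replace("\\", "/").split("/")
            if "\\" in name or ".." in parts or name.startswith("/"):
                suspicious.append(name)
    return suspicious


def sanitize_arcname(name: str) -> str:
    """Neutralize a user-supplied filename before it becomes a ZIP entry.
    Both separator styles are normalized, '..', '.' and empty components are
    dropped, and an absolute path loses its leading slash."""
    parts = [p for p in name.replace("\\", "/").split("/")
             if p not in ("", ".", "..")]
    if not parts:
        raise ValueError(f"filename {name!r} has no usable path component")
    return "/".join(parts)


def build_archive(entries: dict[str, bytes], sanitize: bool) -> bytes:
    """Pack entries into an in-memory ZIP. sanitize=False reproduces the
    described behaviour: on Unix, zipfile stores backslashes verbatim."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in entries.items():
            zf.writestr(sanitize_arcname(name) if sanitize else name, data)
    return buf.getvalue()


# Constructed sample upload set (hypothetical); the traversal name mirrors
# the advisory's "..\..\poc.txt" example.
SAMPLE_UPLOADS = {"report.txt": b"ok", "..\\..\\poc.txt": b"escaped"}

if __name__ == "__main__":
    vulnerable = build_archive(SAMPLE_UPLOADS, sanitize=False)
    print("suspicious entries:", find_traversal_entries(vulnerable))
    hardened = build_archive(SAMPLE_UPLOADS, sanitize=True)
    print("after sanitizing:", find_traversal_entries(hardened))
```

Running the detector over archives SuperBin has already produced is the same check as the `unzip -Z1 ... | grep '\\'` one-liner, but it also catches `..` components written with forward slashes.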
