{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28208", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-25T15:28:40.648Z", "datePublished": "2026-02-26T22:20:03.765Z", "dateUpdated": "2026-03-02T20:47:15.670Z"}, "containers": {"cna": {"title": "Junrar has arbitrary file write due to backslash path traversal bypass in LocalFolderExtractor on Linux/Unix", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/junrar/junrar/security/advisories/GHSA-j273-m5qq-6825", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/junrar/junrar/security/advisories/GHSA-j273-m5qq-6825"}, {"name": "https://github.com/junrar/junrar/commit/947ff1d33f00f940aa68ae2593500291d799d954", "tags": ["x_refsource_MISC"], "url": "https://github.com/junrar/junrar/commit/947ff1d33f00f940aa68ae2593500291d799d954"}, {"name": "https://github.com/junrar/junrar/releases/tag/v7.5.8", "tags": ["x_refsource_MISC"], "url": "https://github.com/junrar/junrar/releases/tag/v7.5.8"}], "affected": [{"vendor": "junrar", "product": "junrar", "versions": [{"version": "< 7.5.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-26T22:20:03.765Z"}, "descriptions": [{"lang": "en", "value": "Junrar is an open source java RAR archive library. Prior to version 7.5.8, a backslash path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content anywhere on the filesystem when a crafted RAR archive is extracted on Linux/Unix. This can often lead to remote code execution (e.g., overwriting shell profiles, source code, cron jobs, etc). Version 7.5.8 has a fix for the issue."}], "source": {"advisory": "GHSA-j273-m5qq-6825", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/junrar/junrar/security/advisories/GHSA-j273-m5qq-6825", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-02T20:47:10.315561Z", "id": "CVE-2026-28208", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T20:47:15.670Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28208", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-02T20:47:10.315561Z"}}}], "references": [{"url": "https://github.com/junrar/junrar/security/advisories/GHSA-j273-m5qq-6825", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T20:47:04.767Z"}}], "cna": {"title": "Junrar has arbitrary file write due to backslash path traversal bypass in LocalFolderExtractor on Linux/Unix", "source": {"advisory": "GHSA-j273-m5qq-6825", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "junrar", "product": "junrar", "versions": [{"status": "affected", "version": "< 7.5.8"}]}], "references": [{"url": "https://github.com/junrar/junrar/security/advisories/GHSA-j273-m5qq-6825", "name": "https://github.com/junrar/junrar/security/advisories/GHSA-j273-m5qq-6825", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/junrar/junrar/commit/947ff1d33f00f940aa68ae2593500291d799d954", "name": "https://github.com/junrar/junrar/commit/947ff1d33f00f940aa68ae2593500291d799d954", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/junrar/junrar/releases/tag/v7.5.8", "name": "https://github.com/junrar/junrar/releases/tag/v7.5.8", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Junrar is an open source java RAR archive library. Prior to version 7.5.8, a backslash path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content anywhere on the filesystem when a crafted RAR archive is extracted on Linux/Unix. This can often lead to remote code execution (e.g., overwriting shell profiles, source code, cron jobs, etc). Version 7.5.8 has a fix for the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-26T22:20:03.765Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28208", "state": "PUBLISHED", "dateUpdated": "2026-03-02T20:47:15.670Z", "dateReserved": "2026-02-25T15:28:40.648Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-26T22:20:03.765Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:junrar_project:junrar:*:*:*:*:*:*:*:*", "matchCriteriaId": "38B5DED4-B9D7-4E60-8BB6-9D017DECD809", "versionEndExcluding": "7.5.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Junrar is an open source java RAR archive library. Prior to version 7.5.8, a backslash path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content anywhere on the filesystem when a crafted RAR archive is extracted on Linux/Unix. This can often lead to remote code execution (e.g., overwriting shell profiles, source code, cron jobs, etc). Version 7.5.8 has a fix for the issue."}, {"lang": "es", "value": "Junrar es una biblioteca de archivo RAR de Java de c\u00f3digo abierto. Antes de la versi\u00f3n 7.5.8, una vulnerabilidad de salto de ruta con barra invertida en 'LocalFolderExtractor' permite a un atacante escribir archivos arbitrarios con contenido controlado por el atacante en cualquier lugar del sistema de archivos cuando se extrae un archivo RAR manipulado en Linux/Unix. Esto a menudo puede conducir a la ejecuci\u00f3n remota de c\u00f3digo (por ejemplo, sobrescribiendo perfiles de shell, c\u00f3digo fuente, tareas cron, etc.). La versi\u00f3n 7.5.8 tiene una soluci\u00f3n para el problema."}], "id": "CVE-2026-28208", "lastModified": "2026-03-02T21:16:27.533", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-26T23:16:35.440", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/junrar/junrar/commit/947ff1d33f00f940aa68ae2593500291d799d954"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/junrar/junrar/releases/tag/v7.5.8"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/junrar/junrar/security/advisories/GHSA-j273-m5qq-6825"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/junrar/junrar/security/advisories/GHSA-j273-m5qq-6825"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "com.github.junrar/junrar: Junrar: Remote code execution via path traversal when extracting crafted RAR archives", "id": "2443166", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443166"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-22", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-28208", "package_state": [{"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Fix deferred", "package_name": "junrar", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Fix deferred", "package_name": "junrar", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Fix deferred", "package_name": "junrar", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}], "public_date": "2026-02-26T22:20:03Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-28208\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-28208\nhttps://github.com/junrar/junrar/commit/947ff1d33f00f940aa68ae2593500291d799d954\nhttps://github.com/junrar/junrar/releases/tag/v7.5.8\nhttps://github.com/junrar/junrar/security/advisories/GHSA-j273-m5qq-6825"], "threat_severity": "Moderate"}