CVE-2026-41245
MediumCVSS 5.9Exploitation Probability (EPSS)
Low risk26th percentile - higher than 26% of all known CVEs
Summary
In the Junrar library prior to version 7.5.10, a path traversal vulnerability in the `LocalFolderExtractor` class allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when extracting a crafted RAR archive.
Risk Assessment
The organization is at risk of overwriting or injecting malicious files into the system, potentially leading to privilege escalation, unauthorized code execution, or data integrity compromise.
Recommendation
Immediately update the Junrar library to version 7.5.10 or later, which contains the fix for this vulnerability.
Original NVD description (English source)
Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes the issue.

