Vulnerability Details CVE-2026-41245
Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.5%
CVSS Severity
CVSS v3 Score 5.9
References
Products affected by CVE-2026-41245
-
cpe:2.3:a:junrar_project:junrar:-
-
cpe:2.3:a:junrar_project:junrar:0.6
-
cpe:2.3:a:junrar_project:junrar:0.7
-
cpe:2.3:a:junrar_project:junrar:1.0.0
-
cpe:2.3:a:junrar_project:junrar:1.0.1
-
cpe:2.3:a:junrar_project:junrar:2.0.0
-
cpe:2.3:a:junrar_project:junrar:3.0.0
-
cpe:2.3:a:junrar_project:junrar:3.1.0
-
cpe:2.3:a:junrar_project:junrar:3.1.1
-
cpe:2.3:a:junrar_project:junrar:4.0.0
-
cpe:2.3:a:junrar_project:junrar:5.0.0
-
cpe:2.3:a:junrar_project:junrar:6.0.0
-
cpe:2.3:a:junrar_project:junrar:6.0.1
-
cpe:2.3:a:junrar_project:junrar:7.0.0
-
cpe:2.3:a:junrar_project:junrar:7.1.0
-
cpe:2.3:a:junrar_project:junrar:7.2.0
-
cpe:2.3:a:junrar_project:junrar:7.3.0
-
cpe:2.3:a:junrar_project:junrar:7.4.0
-
cpe:2.3:a:junrar_project:junrar:7.4.1
-
cpe:2.3:a:junrar_project:junrar:7.5.0
-
cpe:2.3:a:junrar_project:junrar:7.5.1
-
cpe:2.3:a:junrar_project:junrar:7.5.2
-
cpe:2.3:a:junrar_project:junrar:7.5.3
-
cpe:2.3:a:junrar_project:junrar:7.5.4
-
cpe:2.3:a:junrar_project:junrar:7.5.5
-
cpe:2.3:a:junrar_project:junrar:7.5.6
-
cpe:2.3:a:junrar_project:junrar:7.5.7
-
cpe:2.3:a:junrar_project:junrar:7.5.8