CVE-2026-26157

HIGH

7.0

Descricao

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files.

Detalhes CVE

Pontuacao CVSS v3.17.0

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Vetor de ataqueLOCAL

ComplexidadeHIGH

Privilegios necessariosNONE

Interacao do usuarioREQUIRED

Publicado2/11/2026

Ultima modificacao2/12/2026

Fontenvd

Avistamentos honeypot0

Fraquezas (CWE)

CWE-73

Referencias

https://access.redhat.com/security/cve/CVE-2026-26157(secalert@redhat.com)

https://bugzilla.redhat.com/show_bug.cgi?id=2439039(secalert@redhat.com)

https://git.busybox.net/busybox/commit/archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb(secalert@redhat.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.