Path Traversal Vulnerability in Junrar Java Library
CVE-2026-41245

5.9 MEDIUM

Key Information:

Vendor: Junrar

Status
Vendor
CVE Published: 20 April 2026

What is CVE-2026-41245?

Junrar, an open-source Java library for handling RAR archives, is vulnerable to a path traversal flaw that lets an attacker write arbitrary files into sibling directories. The flaw is in the LocalFolderExtractor component and is triggered when a maliciously crafted RAR archive is extracted. The issue is fixed in version 7.5.10; users are strongly advised to upgrade to this version or later to mitigate the risk of unauthorized file access.
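
The following is an added illustration, not junrar's code and not part of the advisory. The advisory does not state the root cause, so this assumes the common pattern in which containment is checked by string prefix, which is how a sibling directory sharing the destination's name prefix slips through. The class name, method names and sample paths are constructed.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class ExtractionPathCheck {

    // Weak check (assumed pattern, not junrar's code): compares path strings,
    // so "/srv/app/out-backup" passes as if it were inside "/srv/app/out".
    static boolean weakIsInside(Path destDir, String entryName) {
        String base = destDir.toAbsolutePath().normalize().toString();
        String target = destDir.resolve(entryName).toAbsolutePath().normalize().toString();
        return target.startsWith(base);
    }

    // Hardened check: Path.startsWith compares whole name elements, so only
    // real descendants of destDir are accepted. Absolute entry names are
    // rejected too, because resolve() returns them unchanged.
    static Path resolveInside(Path destDir, String entryName) throws IOException {
        Path base = destDir.toAbsolutePath().normalize();
        Path target = base.resolve(entryName).normalize();
        if (!target.startsWith(base)) {
            throw new IOException("entry escapes destination: " + entryName);
        }
        return target;
    }

    public static void main(String[] args) {
        Path dest = Paths.get("/srv/app/out"); // constructed sample destination
        // Constructed sample entry names: one benign, one sibling, one parent escape.
        String[] entries = { "docs/readme.txt", "../out-backup/x.txt", "../../etc/x.txt" };
        for (String name : entries) {
            String hardened;
            try {
                resolveInside(dest, name);
                hardened = "accepted";
            } catch (IOException e) {
                hardened = "rejected";
            }
            String weak = weakIsInside(dest, name) ? "accepted" : "rejected";
            System.out.printf("%-22s weak=%-8s hardened=%s%n", name, weak, hardened);
        }
    }
}
```

The check is purely lexical: if the destination may already contain symbolic links, resolve the parent directory with `toRealPath()` before comparing.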

Affected Version(s)

junrar < 7.5.10

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
