Path Traversal Vulnerability in Detect-It-Easy Software by Horsicq
CVE-2026-43616

6.8MEDIUM

Key Information:

Vendor

Horsicq

Status
Die-engine
Vendor
CVE Published:
4 May 2026

What is CVE-2026-43616?

Detect-It-Easy, an application developed by Horsicq, has a vulnerability that enables attackers to perform path traversal, subsequently allowing them to write arbitrary files to the system's filesystem. This weakness arises from inadequate path normalization during the extraction of malicious archive entries, which can utilize either relative or absolute paths. By exploiting this vulnerability, attackers have the potential to write files outside the designated extraction directory, creating the risk of persistent code execution by overwriting essential user startup scripts.

Affected Version(s)

DIE-engine 0

References

https://github.com/horsicq/DIE-engine/releases/tag/3.21
release-notespatch
https://github.com/horsicq/Detect-It-Easy
product
https://github.com/horsicq/Formats/commit/56cdf50ee3c72c5...
patch

CVSS V4

Score:
6.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mobasi Security Team
.