CVE-2026-41245

Published April 20th, 2026

View on NVD ↗

CVSS v3

5.9

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes the issue.

junrar/junrar

Plain Java unrar library

GitHub

309