CVE-2026-43616 MEDIUM

CVE-2026-43616: Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write

Vendor Horsicq

Product DIE-engine

Weakness CWE-23

Published May 4, 2026

Last update May 4, 2026

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive extraction to write files outside the intended extraction directory and achieve persistent code execution by overwriting user startup scripts.

Key dates

02Disclosure timeline

May 4, 2026 CVE published

May 4, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-43616 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/23.html

Related vulnerabilities

CVE-2026-43616: Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write

01Description

02Disclosure timeline

03References

04Related CVE