QwikSec

Security Database

CVE

CWE

Training

CVE-2026-43616

Published: May 4, 2026

Modified: May 4, 2026

PUBLISHED

CVSS v3.1

7.1

HIGH

Description

Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive extraction to write files outside the intended extraction directory and achieve persistent code execution by overwriting user startup scripts.

Vendor	Product	Versions
horsicq	DIE-engine	affected `0 - < 3.21.0`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

References

https://github.com/horsicq/DIE-engine/releases/tag/3.21

release-notes

patch

https://github.com/horsicq/Detect-It-Easy

product

https://github.com/horsicq/Formats/commit/56cdf50ee3c72c56284e2819b23e98332842d259

patch

https://github.com/horsicq/XArchive/commit/6a2aa84c2fd120b704f76bb5c5ee3e9b5a7a0fcc

patch

https://github.com/horsicq/DIE-engine/commit/cbbe1688e58ffd430d284bf65f336973f083db69

patch

https://github.com/horsicq/DIE-engine/commit/7fd300b926daf19707b2a36f0abe8b60a51308ee

patch

https://www.vulncheck.com/advisories/detect-it-easy-path-traversal-arbitrary-file-write

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.