CVE-2026-27884
NetExec vulnerable to arbitrary file write via path traversal in spider_plus module
| CVSS Score | 5.3 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
NetExec is a network execution tool. Prior to version 1.5.1, the `spider_plus` module builds the local output file and folder path incorrectly when saving files from SMB shares. It does not account for the fact that filenames on Linux SMB shares can contain path traversal sequences such as `../`. An attacker can craft a filename on an SMB share that includes these sequences; when `spider_plus` crawls the share and downloads the file, it can write or overwrite arbitrary files. The issue is patched in v1.5.1. As a workaround, do not run `spider_plus` with `DOWNLOAD=true` against targets.
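The containment check this class of bug calls for, as an added example (not NetExec's code and not its v1.5.1 patch): `naive_local_path` shows the join-without-validation pattern described above, and `safe_local_path` refuses any server-supplied name that would resolve outside the per-share output folder. The function names, the host address and the sample filenames are all constructed for illustration.

```python
import os

class UnsafeRemotePath(ValueError):
    """A server-supplied name that would land outside the download folder."""

def naive_local_path(output_dir, host, share, remote_name):
    # Vulnerable pattern: the remote name is trusted and joined unchanged.
    return os.path.normpath(os.path.join(output_dir, host, share, remote_name))

def safe_local_path(output_dir, host, share, remote_name):
    base = os.path.realpath(os.path.join(output_dir, host, share))
    # Treat "\" and "/" both as separators (conservative), and drop empty and
    # "." components so a leading "/" cannot make os.path.join discard the base.
    parts = [p for p in remote_name.replace("\\", "/").split("/") if p not in ("", ".")]
    # Conservative: any ".." component is refused, even one that would stay inside.
    if not parts or ".." in parts:
        raise UnsafeRemotePath(remote_name)
    candidate = os.path.realpath(os.path.join(base, *parts))
    # Second check after symlink resolution, in case a link already exists under base.
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafeRemotePath(remote_name)
    return candidate

# Constructed sample of names as a share listing might return them.
SAMPLE_NAMES = ["docs/report.txt", "../../../outside.txt", "docs/../../x", "a\\b.txt"]

def triage(output_dir, host, share, names):
    """Split a listing into (local paths to write, names to refuse and log)."""
    accepted, rejected = [], []
    for name in names:
        try:
            accepted.append(safe_local_path(output_dir, host, share, name))
        except UnsafeRemotePath:
            rejected.append(name)
    return accepted, rejected

if __name__ == "__main__":
    import tempfile
    ok, refused = triage(tempfile.mkdtemp(), "192.0.2.10", "data", SAMPLE_NAMES)
    print("write:", ok)
    print("refused:", refused)
```

Refused names are worth logging with the host and share they came from, since a traversal sequence in a share listing is itself a sign that the target was prepared for this.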
| CWE | CWE-22 |
| Vendor | pennyw0rth |
| Product | netexec |
| Published | Feb 26, 2026 |
| Last Updated | Feb 26, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | High |
| Availability | None |
Affected Versions
| Pennyw0rth / NetExec | < 1.5.1 |
References
github.com: https://github.com/Pennyw0rth/NetExec/security/advisories/GHSA-fccr-6qm2-7h27
github.com: https://github.com/Pennyw0rth/NetExec/issues/1120
github.com: https://github.com/Pennyw0rth/NetExec/pull/1121
github.com: https://github.com/Pennyw0rth/NetExec/commit/7d027f2774d0520b322d60f9c99b9ab3edb4035e