CVE-2026-41530

LOW 3.3

CVSS Score

3.3

EPSS Score

0.0%

EPSS Percentile

2th

The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name, then the archived files may be extracted to an unexpected folder.

Vendor	chitora soft
Product	lhaz
Published	May 12, 2026
Last Updated	May 12, 2026

Stay Ahead of the Next One

Get instant alerts for chitora soft lhaz

Be the first to know when new low vulnerabilities affecting chitora soft lhaz are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Versions

Chitora soft / Lhaz

2.6.3 and earlier

Chitora soft / Lhaz+

3.6.3 and earlier

References

NVD ↗ CVE.org ↗ EPSS Data ↗

chitora.com: https://www.chitora.com/jvn68350834.html jvn.jp: https://jvn.jp/en/jp/JVN68350834/