CVE-2026-43616
Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write
CVSS Score
7.1
EPSS Score
0.0%
EPSS Percentile
0th
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive extraction to write files outside the intended extraction directory and achieve persistent code execution by overwriting user startup scripts.
| CWE | CWE-23 |
| Vendor | horsicq |
| Product | die-engine |
| Published | May 4, 2026 |
Stay Ahead of the Next One
Get instant alerts for horsicq die-engine
Be the first to know when new high vulnerabilities affecting horsicq die-engine are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High
Affected Versions
horsicq / DIE-engine
0 < 3.21.0
References
github.com: https://github.com/horsicq/DIE-engine/releases/tag/3.21 github.com: https://github.com/horsicq/Detect-It-Easy github.com: https://github.com/horsicq/Formats/commit/56cdf50ee3c72c56284e2819b23e98332842d259 github.com: https://github.com/horsicq/XArchive/commit/6a2aa84c2fd120b704f76bb5c5ee3e9b5a7a0fcc github.com: https://github.com/horsicq/DIE-engine/commit/cbbe1688e58ffd430d284bf65f336973f083db69 github.com: https://github.com/horsicq/DIE-engine/commit/7fd300b926daf19707b2a36f0abe8b60a51308ee vulncheck.com: https://www.vulncheck.com/advisories/detect-it-easy-path-traversal-arbitrary-file-write
Credits
Mobasi Security Team