CVE-2026-27884 - Vulnerability Details

- NetExec vulnerable to arbitrary file write via path traversal in spider_plus module

Description

NetExec is a network execution tool. Prior to version 1.5.1, the module spider_plus improperly creates the output file and folder path when saving files from SMB shares. It does not take into account that it is possible for Linux SMB shares to have path traversal characters such as `../` in them. An attacker can craft a filename in an SMB share that includes these characters, which when spider_plus crawls and downloads, can write or overwrite arbitrary files. The issue is patched in v1.5.1. As a workaround, do not run spider_plus with DOWNLOAD=true against targets.

Published: 2026-02-26

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

NetExec is a network execution tool that includes a spider_plus module to crawl and download files from SMB shares. Before version 1.5.1 the module creates the output file and folder path without normalizing path traversal characters such as ".." that can exist in Linux SMB share names. An attacker can craft a share name that contains these characters; when spider_plus crawls and downloads, it can create or overwrite arbitrary files on the host where it runs, allowing the modification of critical files or injection of code and thereby compromising confidentiality, integrity, or availability.

Affected Systems

The vulnerability exists in all releases of NetExec before v1.5.1 by Pennyw0rth. Users running any earlier version and using the spider_plus module with the DOWNLOAD option enabled are affected.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. The EPSS score of less than 1 % suggests a low likelihood of exploitation in available data, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector requires an attacker to create an SMB share with a malicious name that includes path traversal characters and have the target system run spider_plus against that share with DOWNLOAD enabled. The impact is limited to the system on which spider_plus executes, as the flaw allows overwriting or creating arbitrary files there.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Pennyw0rth

NetExec

affected

Version	Status	Constraints
`< 1.5.1`	affected	—

No data.

Vendor Product Confidence Versions

Pennyw0rth

Netexec

100%

Version	Status	Scheme	Platform
`[0,1.5.1)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade NetExec to version 1.5.1 or later, which includes the path traversal fix.
If an upgrade is not possible, avoid running spider_plus with DOWNLOAD=true against SMB targets.
Validate or sanitize SMB share names to ensure they do not contain path traversal characters such as "../" before using them as download sources.

Generated by OpenCVE AI on April 18, 2026 at 17:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00329.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/Pennyw0rth/NetExec/commit/7d027f2774d0520b322d60f9c99b9ab3edb4035e
https://github.com/Pennyw0rth/NetExec/issues/1120
https://github.com/Pennyw0rth/NetExec/pull/1121
https://github.com/Pennyw0rth/NetExec/security/advisories/GHSA-fccr-6qm2-7h27

History

Thu, 26 Feb 2026 13:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Pennyw0rth Pennyw0rth netexec
Vendors & Products		Pennyw0rth Pennyw0rth netexec

Thu, 26 Feb 2026 01:00:00 +0000

Type	Values Removed	Values Added
Description		NetExec is a network execution tool. Prior to version 1.5.1, the module spider_plus improperly creates the output file and folder path when saving files from SMB shares. It does not take into account that it is possible for Linux SMB shares to have path traversal characters such as `../` in them. An attacker can craft a filename in an SMB share that includes these characters, which when spider_plus crawls and downloads, can write or overwrite arbitrary files. The issue is patched in v1.5.1. As a workaround, do not run spider_plus with DOWNLOAD=true against targets.
Title		NetExec vulnerable to arbitrary file write via path traversal in spider_plus module
Weaknesses		CWE-22
References		https://github.com/Pennyw0rth/NetExec/commit/7d027f2774d0520b322d60f9c99b9ab3edb4035e https://github.com/Pennyw0rth/NetExec/issues/1120 https://github.com/Pennyw0rth/NetExec/pull/1121 https://github.com/Pennyw0rth/NetExec/security/advisories/GHSA-fccr-6qm2-7h27
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N'}`

Subscriptions

Pennyw0rth Netexec

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-02-26T00:39:15.832Z

Updated: 2026-02-26T16:18:09.879Z

Reserved: 2026-02-24T15:19:29.716Z

Link: CVE-2026-27884

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2026-02-26T01:16:25.293

Modified: 2026-06-17T10:27:49.083

Link: CVE-2026-27884

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T17:45:06Z

Weaknesses

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object