Description
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive extraction to write files outside the intended extraction directory and achieve persistent code execution by overwriting user startup scripts.
Published: 2026-05-04
Score: 6.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Detect‑It‑Easy prior to version 3.21 contains a path traversal flaw that permits an attacker to write arbitrary files to the local filesystem by including malicious archive entries with relative traversal sequences or absolute paths. The flaw is a CWE‑23 type vulnerability; it can be leveraged to overwrite user startup scripts or other critical files, thereby establishing persistent code execution on the affected system.

Affected Systems

The vulnerability affects the Detect‑It‑Easy tool (horsicq:DIE‑engine) version 3.21 and earlier.

Risk and Exploitability

The CVSS score of 6.8 indicates moderate severity. The EPSS score is not available, and the vulnerability is not listed in CISA KEV. The likely attack vector requires an adversary to supply a malicious archive that the victim processes with the tool, which can occur in a local or semi‑remote scenario when the tool is run on untrusted files.

Generated by OpenCVE AI on May 4, 2026 at 18:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Detect‑It‑Easy to version 3.21 or later.
  • If an upgrade is not immediately possible, isolate the tool and restrict its write permissions so it cannot modify files outside the intended extraction directory.
  • Apply strict path normalization and validation when extracting archives to reject any entry that attempts to reference a location outside the target directory.

Generated by OpenCVE AI on May 4, 2026 at 18:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 04 May 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Horsicq
Horsicq die-engine
Vendors & Products Horsicq
Horsicq die-engine

Mon, 04 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive extraction to write files outside the intended extraction directory and achieve persistent code execution by overwriting user startup scripts.
Title Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write
Weaknesses CWE-23
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Horsicq Die-engine
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-04T19:39:05.720Z

Reserved: 2026-05-01T18:22:45.639Z

Link: CVE-2026-43616

cve-icon Vulnrichment

Updated: 2026-05-04T19:38:58.358Z

cve-icon NVD

Status : Received

Published: 2026-05-04T18:16:32.830

Modified: 2026-05-04T18:16:32.830

Link: CVE-2026-43616

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T19:43:49Z

Weaknesses