Description
A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_null_terminated_string of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.file_name leads to path traversal. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project maintainer confirms this issue: "I accept the existence of the Path Traversal vulnerability. However, as stated in the Github link, it reached EOL and as a result no actions should be expected." The GitHub repository mentions, that "[u]sers and contributors should migrate to binwalk v3." This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-04-27
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Path Traversal
Action: Upgrade
AI Analysis

Impact

A path traversal flaw exists in the WinCE Extraction Plugin’s read_null_terminated_string function, allowing any local user to manipulate the target file name argument and cause the plugin to resolve file paths outside the intended directory. The vulnerability can lead to reading arbitrary local files and therefore violates data confidentiality. The weakness is classified as CWE‑22.

Affected Systems

OSPG binwalk versions up to 2.4.3 are affected, and the project maintainer has terminated support for these releases. Users are directed to migrate to binwalk v3 or later, which removes the vulnerable plugin.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, implying limited public exploitation. The attack vector is strictly local; an attacker must have the ability to run binwalk on the target system to take advantage of the path traversal bug.

Generated by OpenCVE AI on April 28, 2026 at 12:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to binwalk v3 or later to eliminate the vulnerable plugin
  • If an upgrade is not possible, disable the winceextract plugin or prevent its execution from the local environment
  • Restrict local user privileges so that only trusted personnel can run binwalk, thereby limiting the window of exploitation

Generated by OpenCVE AI on April 28, 2026 at 12:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Ospg
Ospg binwalk
Vendors & Products Ospg
Ospg binwalk

Mon, 27 Apr 2026 22:45:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_null_terminated_string of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.file_name leads to path traversal. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project maintainer confirms this issue: "I accept the existence of the Path Traversal vulnerability. However, as stated in the Github link, it reached EOL and as a result no actions should be expected." The GitHub repository mentions, that "[u]sers and contributors should migrate to binwalk v3." This vulnerability only affects products that are no longer supported by the maintainer.
Title OSPG binwalk WinCE Extraction Plugin winceextract.py read_null_terminated_string path traversal
Weaknesses CWE-22
References
Metrics cvssV2_0

{'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Ospg Binwalk
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-29T14:04:08.019Z

Reserved: 2026-04-27T08:31:20.082Z

Link: CVE-2026-7179

cve-icon Vulnrichment

Updated: 2026-04-29T14:04:04.563Z

cve-icon NVD

Status : Deferred

Published: 2026-04-27T23:16:03.660

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-7179

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T13:00:15Z

Weaknesses