HIGHVulnerability
Verified
Global
NVD HIGH: CVE-2026-40024 — The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_rec...
·Source: NIST NVD
Updated:
Executive Summary
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can craft a malicious filesystem image with embedded /../ sequences in filenames that, when processed by ts
Analysis
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can craft a malicious filesystem image with embedded /../ sequences in filenames that, when processed by tsk_recover, writes files outside the output directory, potentially achieving code execution by overwriting shell configuration or cron entries. CVSS Score: 7.1. Published: 2026-04-08T22:16:22.430.