CVE

CVE-2026-26157

busybox: BusyBox: Arbitrary file overwrite and potential code execution via incomplete path sanitization (important)

CVE

CVE-2026-26157

busybox: BusyBox: Arbitrary file overwrite and potential code execution via incomplete path sanitization (important)

DOCUMENTATION: A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files.

MITIGATION: As a prevention measure, avoid extracting archives from untrusted sources using BusyBox utilities. If extraction of untrusted archives is necessary, perform it within a highly isolated and restricted environment, such as a container with a read-only root filesystem and minimal privileges, to limit the potential impact of arbitrary file overwrites.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

3.1

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Related Resources

No items found.

References

https://access.redhat.com/security/cve/CVE-2026-26157

Severity

0

CVSS Score

Basic Information

Ecosystem

Base CVSS

EPSS Probability

0.00006%

EPSS Percentile

0.00275%

Introduced Version

Fix Available

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2026-26157

CVE-2026-26157

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

0

Basic Information

Fix Critical Vulnerabilities Instantly