CVE-2026-45384
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
In the bit7z library prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12.
Risk Assessment
An attacker could exploit this vulnerability to overwrite arbitrary files on the system, potentially leading to data loss or malware installation. Organizations should be aware of the risks associated with outdated versions of the library.
Recommendation
It is recommended to update the bit7z library to version 4.0.12 or later to mitigate this vulnerability. A system audit should also be conducted to identify potential threats related to this flaw.
Original NVD description (English source)
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12.

