PatchSiren cyber security CVE debrief
CVE-2026-45384 rikyoz CVE debrief
CVE-2026-45384 is a MEDIUM severity vulnerability in bit7z, a cross-platform C++ static library. The issue allows for arbitrary file overwrite via a symlink attack on predictable temp files during archive updates. This vulnerability has been patched in version 4.0.12.
- Vendor
- rikyoz
- Product
- bit7z
- CVSS
- MEDIUM 6.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-11
Who should care
Users of bit7z library versions prior to 4.0.12 should update to the latest version to mitigate this vulnerability.
Technical summary
The vulnerability exists in bit7z versions prior to 4.0.12. An attacker could exploit this vulnerability by creating a symlink to a target file, allowing for arbitrary file overwrite during archive updates.
Defensive priority
MEDIUM
Recommended defensive actions
- Update bit7z to version 4.0.12 or later.
Evidence notes
CVE-2026-45384 has a CVSS score of 6.1 and is classified as MEDIUM severity. The vulnerability was published on [cve-org] and additional details can be found on [nvd].
Official resources
CVE-2026-45384 was published on 2026-06-10T22:16:58.377Z and modified on 2026-06-11T15:35:13.130Z.