CVE-2026-45384 is a MEDIUM severity vulnerability in bit7z, a cross-platform C++ static library. The issue allows arbitrary file overwrite via a symlink attack on predictable temporary files during archive updates. The vulnerability is patched in version 4.0.12.
CVE-2026-45380 is a LOW severity vulnerability in bit7z, a C++ static library for compressing and extracting archive files. An attacker can craft a malicious .7z archive that, when extracted with bit7z on non-Windows platforms, creates a symlink outside the intended output directory. This allows subsequent archive entries to write arbitrary files outside the extraction directory with the permissions of th [truncated]
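The following is an added C++ example, not bit7z's own code or its patch, of a pre-write check against the extraction pattern described for CVE-2026-45380: resolve symlinks already on disk before accepting an entry path, and reject symlink entries whose target leaves the output directory. The function names and the temp-directory layout are assumptions made for the illustration.

```cpp
// Added example (not bit7z code): pre-write containment checks for archive entries.
#include <filesystem>
#include <iostream>
#include <system_error>
namespace fs = std::filesystem;

// True when p is base itself or lies below it (both paths already canonical).
static bool is_within(const fs::path& base, const fs::path& p) {
    const fs::path rel = p.lexically_relative(base);
    return !rel.empty() && *rel.begin() != "..";
}

// Resolve symlinks that already exist on disk, then test containment.
bool entry_stays_inside(const fs::path& root, const fs::path& entry) {
    if (entry.is_absolute()) return false;
    std::error_code ec;
    const fs::path base = fs::canonical(root, ec);
    if (ec) return false;
    const fs::path full = fs::weakly_canonical(base / entry, ec);
    return !ec && is_within(base, full);
}

// A symlink entry is acceptable only if the link and its target both stay inside root.
bool symlink_target_ok(const fs::path& root, const fs::path& link, const fs::path& target) {
    if (target.is_absolute() || !entry_stays_inside(root, link)) return false;
    return entry_stays_inside(root, link.parent_path() / target);
}

// Constructed scenario: an earlier entry has left "link" pointing outside the output dir.
fs::path make_demo_tree() {
    const fs::path top = fs::temp_directory_path() / "extract_check_demo";
    fs::remove_all(top);
    fs::create_directories(top / "out");
    fs::create_directories(top / "outside");
    fs::create_directory_symlink(top / "outside", top / "out" / "link");
    return top / "out";
}

int main() {
    const fs::path out = make_demo_tree();
    std::cout << std::boolalpha
              << entry_stays_inside(out, "docs/readme.txt") << '\n'   // ordinary entry
              << entry_stays_inside(out, "link/evil.txt") << '\n'     // path through the symlink
              << symlink_target_ok(out, "l2", "../outside") << '\n';  // escaping symlink entry
    fs::remove_all(out.parent_path());
}
```

The path check has to run per entry at write time, after earlier entries have been placed on disk, because the symlink it needs to see is created by a preceding entry. A check-then-write sequence like this can still race with another local process modifying the output directory.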