CVE-2022-48579

HIGH

UnRAR < 6.2.3 - Directory Traversal via Symlink Chains

Title source: llm

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.

Core 2

Core References

Patch

Mailing List mailing-list

CVSS v3 7.5

EPSS 0.0072

EPSS Percentile 49.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

CWE

CWE-59

Status published

Products (1)

rarlab/unrar < 6.2.3

Published Aug 07, 2023

Tracked Since Feb 18, 2026