2456740 – (CVE-2026-40024) CVE-2026-40024 sleuthkit: tsk_recover: The Sleuth Kit: Arbitrary code execution via path traversal in tsk_recover

Bug 2456740 (CVE-2026-40024) - CVE-2026-40024 sleuthkit: tsk_recover: The Sleuth Kit: Arbitrary code execution via path traversal in tsk_recover

Summary: CVE-2026-40024 sleuthkit: tsk_recover: The Sleuth Kit: Arbitrary code executi...

Keywords:
Status:	NEW
Alias:	CVE-2026-40024
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2458081 2458082 2458083
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-08 22:01 UTC by OSIDB Bzimport
Modified:	2026-04-13 23:42 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-08 22:01:40 UTC

The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can craft a malicious filesystem image with embedded /../ sequences in filenames that, when processed by tsk_recover, writes files outside the output directory, potentially achieving code execution by overwriting shell configuration or cron entries.

Note You need to log in before you can comment on or make changes to this bug.