What is CVE-2026-45384?

CVE-2026-45384 is a medium-severity vulnerability, classified under Improper Link Resolution Before File Access. CVSS score: 6.1/10. Published 2026-06-10.

How severe is CVE-2026-45384?

Medium severity. CVSS v3 base score is 6.1 out of 10.

CVE-2026-45384

CVE-2026-45384

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive u…

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L.

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access
CWE-377 — Insecure Temporary File

References

security-advisories@github.com
security-advisories@github.com

Frequently asked questions

What is CVE-2026-45384?: CVE-2026-45384 is a medium-severity vulnerability, classified under Improper Link Resolution Before File Access. CVSS score: 6.1/10. Published 2026-06-10.
How severe is CVE-2026-45384?: Medium severity. CVSS v3 base score is 6.1 out of 10.