Hi,
The following vulnerability was published for sleuthkit.
CVE-2026-40024[0]:
| The Sleuth Kit through 4.14.0 contains a path traversal
| vulnerability in tsk_recover that allows an attacker to write files
| to arbitrary locations outside the intended recovery directory via
| crafted filenames or directory paths with path traversal sequences
| in a filesystem image. An attacker can craft a malicious filesystem
| image with embedded /../ sequences in filenames that, when processed
| by tsk_recover, writes files outside the output directory,
| potentially achieving code execution by overwriting shell
| configuration or cron entries.
If you fix the vulnerability, please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-40024
https://www.cve.org/CVERecord?id=CVE-2026-40024
[1] https://github.com/sleuthkit/sleuthkit/commit/a3f96b3bc36a8bb1a00c297f77110d4a6e7dd31b
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
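As an added illustration of the defensive check a recovery tool needs before writing an image-derived path (example code written for this note, not sleuthkit's own code or the upstream fix): the hypothetical `safe_join` below builds the output path component by component, drops `.` and empty components, and refuses the whole path as soon as a `..` component appears, so a name embedded in a crafted image can never resolve outside the recovery directory.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not part of tsk_recover. Lexically joins an
 * untrusted path taken from a filesystem image onto out_dir, writing the
 * result into dst. Returns false (and leaves dst empty) if any component
 * is "..", if nothing remains after dropping "." and empty components, or
 * if the result would not fit. No filesystem access is needed, so the check
 * works before the first file is created. */
bool safe_join(const char *out_dir, const char *image_path,
               char *dst, size_t dst_len)
{
    size_t used = strlen(out_dir);
    if (used + 1 > dst_len) { dst[0] = '\0'; return false; }
    memcpy(dst, out_dir, used + 1);
    while (used > 1 && dst[used - 1] == '/')   /* normalise trailing '/' */
        dst[--used] = '\0';

    size_t depth = 0;
    const char *p = image_path;
    while (*p) {
        const char *slash = strchr(p, '/');
        size_t n = slash ? (size_t)(slash - p) : strlen(p);
        if (n == 2 && p[0] == '.' && p[1] == '.') {
            dst[0] = '\0';                       /* traversal: reject all */
            return false;
        }
        if (n > 0 && !(n == 1 && p[0] == '.')) { /* skip "" and "." */
            if (used + 1 + n + 1 > dst_len) { dst[0] = '\0'; return false; }
            dst[used++] = '/';
            memcpy(dst + used, p, n);
            used += n;
            dst[used] = '\0';
            depth++;
        }
        if (!slash) break;
        p = slash + 1;
    }
    if (depth == 0) { dst[0] = '\0'; return false; }
    return true;
}

int main(void)
{
    /* Constructed sample names as they might appear in a crafted image. */
    const char *names[] = { "docs/report.txt", "../../home/user/.bashrc",
                            "docs/../../etc/cron.d/job" };
    char buf[256];
    for (size_t i = 0; i < 3; i++)
        printf("%-28s -> %s\n", names[i],
               safe_join("/srv/recover", names[i], buf, sizeof buf) ? buf : "REJECTED");
    return 0;
}
```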