theinfosecnews

CVE-2026-40024

Published April 9, 2026 · Updated April 9, 2026

CVSS 7.1 (High)

What This Means

CVE-2026-40024 is a high-severity path traversal vulnerability in The Sleuth Kit through version 4.14.0. The tsk_recover tool writes the files it recovers under a user-chosen output directory, using the filenames and directory paths found in the filesystem image being processed. An attacker who supplies a crafted image whose entry names contain traversal sequences (e.g., /../) can therefore make tsk_recover write files outside that directory, anywhere the account running the tool has write access; the official description notes that overwriting shell configuration files or cron entries is enough to reach code execution. A forensic recovery tool exists to process evidence of unknown provenance, so "only process trusted images" is not a workable mitigation: treat every image as hostile, run tsk_recover in a disposable container or VM or at least as a dedicated unprivileged account with its own home directory, and upgrade to a Sleuth Kit release later than 4.14.0 that addresses this vulnerability as soon as one is available.

Official Description

The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can craft a malicious filesystem image with embedded /../ sequences in filenames that, when processed by tsk_recover, writes files outside the output directory, potentially achieving code execution by overwriting shell configuration or cron entries.
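To make the mechanism described above concrete, the following is an added example, not Sleuth Kit code and not taken from any real exploit image: it mirrors the unsafe pattern (joining an image-supplied name onto the output directory) next to the containment check a recovery tool should apply before writing, and includes a small triage helper that flags which names in an image listing would escape the output directory. Function names and the sample filenames are constructed for illustration.

```python
"""Path-traversal check for recovery paths built from filesystem-image names.

Added example, not Sleuth Kit code: it mirrors the class of bug described
for tsk_recover (joining an image-supplied name onto the output directory)
and shows the containment check a recovery tool should apply. Function and
sample names are hypothetical.
"""
import os
from typing import List, Optional

# Constructed sample of entry names as they might be read from a crafted
# image; not taken from any real image or exploit.
SAMPLE_IMAGE_NAMES: List[str] = [
    "Documents/report.docx",            # benign
    "../../../home/victim/.bashrc",     # traversal to a shell rc file
    "/etc/cron.d/evil",                 # absolute name: join() discards the root
    "a/../../../../tmp/x",              # traversal hidden behind a real component
    "a/b/../c.txt",                     # lands inside, but '..' is never a real entry name
]


def naive_output_path(out_dir: str, image_name: str) -> str:
    """The unsafe pattern: trust the image-supplied name and join it onto out_dir."""
    return os.path.normpath(os.path.join(out_dir, image_name))


def escapes_output_dir(out_dir: str, image_name: str) -> bool:
    """True if the naive join would place the file outside out_dir (lexical check)."""
    root = os.path.abspath(out_dir)
    target = naive_output_path(root, image_name)
    return os.path.commonpath([root, target]) != root


def safe_output_path(out_dir: str, image_name: str) -> Optional[str]:
    """Hardened version: path under out_dir for image_name, or None to refuse it.

    Rejects absolute names and any '..' component outright (once a tool has
    skipped the dot entries, a real directory entry is never literally '..'),
    then re-checks the assembled path against the root as defence in depth.
    """
    root = os.path.abspath(out_dir)
    # Image names are '/'-separated; treat '\\' as a separator too so a name
    # cannot smuggle a separator past the check on a Windows host.
    normalized = image_name.replace("\\", "/")
    if normalized.startswith("/"):
        return None
    parts = [p for p in normalized.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        return None
    candidate = os.path.normpath(os.path.join(root, *parts))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def find_escaping_names(out_dir: str, image_names: List[str]) -> List[str]:
    """Triage helper: names from an image listing that would escape out_dir under the naive join."""
    return [name for name in image_names if escapes_output_dir(out_dir, name)]


if __name__ == "__main__":
    for name in SAMPLE_IMAGE_NAMES:
        print(f"{name!r:36} naive -> {naive_output_path('/recovered', name):32} "
              f"safe -> {safe_output_path('/recovered', name)}")
```

The check is purely lexical, which is the right first gate because it refuses the crafted name before anything touches the disk. One caveat to keep in mind when applying this to a real recovery tool: if the output tree already contains a symbolic link recovered earlier from the same image, a lexically contained path can still resolve outside the directory at open time, so the file should be created with the link-following disabled (O_NOFOLLOW on the final component, or by resolving the existing prefix with realpath and re-checking it against the root).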

Recommended Actions

  1. Check whether any of your systems has The Sleuth Kit at version 4.14.0 or earlier installed, including tsk_recover binaries shipped inside other forensic toolkits (the TSK command-line tools print their version with -V).
  2. Apply the vendor fix as soon as a release that addresses this vulnerability is available. Until then, run tsk_recover only in a disposable container or VM, or as a dedicated unprivileged account with its own home directory, so that a file written outside the output directory cannot land in a shell configuration file or cron entry that matters.
  3. Monitor the Sleuth Kit advisories and the CVE record for the fixed version and any additional mitigations.
  4. On hosts where tsk_recover has processed images, look for files created or modified outside the recovery directories around the time of each run, in particular shell configuration files (.bashrc, .profile and similar) and cron entries, since those are the targets the description names. Directory listings of processed images in which an entry name contains ".." or begins with "/" are a direct indicator of a crafted image.
