CVE-2026-41530

LOW NVD

CVSS Score 3.3

Severity LOW

Published May 12, 2026

Vendor unknown

Description

The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name, then the archived files may be extracted to an unexpected folder.

References

https://jvn.jp/en/jp/JVN68350834/
https://www.chitora.com/jvn68350834.html