VDB

JLSEC-2026-61

JLSEC-2026-61 PUBLISHED CVSS 8.600000381469727 HIGH

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

Risk Scores

CVSS 4.0
8.600000381469727
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
JuliaGzip_jll0, 0
JuliaXZ_jll0, 0

Timeline

  • Apr 8, 2026 CVE Published
  • Apr 8, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›