ANT-2026-9VJ9JJXQ · junrar

path-traversal medium

GHSA-j273-m5qq-6825

Severity: Claude: high · Security research firm: - · Maintainer: medium

Discovered by Claude Mythos Preview

REPORT

The report below was sent to the maintainer and sealed at approval.

ANT-2026-9VJ9JJXQ: Arbitrary file write due to backslash path traversal

Arbitrary file write due to backslash path traversal.

Target

Project: junrar
Discovery: static analysis — not yet dynamically reproduced

Technical Details

Path sanitization fails to account for backslash (\) as a directory separator, allowing traversal sequences to bypass checks and write files to arbitrary locations.
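The failure mode described above, as an added example that is not part of the report and not junrar's code: a check that treats only `/` as a separator, next to a resolver that handles `\` and `/` alike and verifies containment after normalization. The class, the method names, the destination directory and the entry names are constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;

// Added illustration; names are hypothetical and this is not junrar's code.
public class SafeEntryPath {

    // Weak check: only "/" is treated as a separator, so a name written
    // with backslashes is seen as one harmless segment.
    static boolean naiveLooksSafe(String entryName) {
        return !Arrays.asList(entryName.split("/")).contains("..");
    }

    // Hardened: treat '\' and '/' as separators on every host OS,
    // resolve against the destination, then verify containment.
    static Path resolveInside(Path destDir, String entryName) throws IOException {
        String unified = entryName.replace('\\', '/');
        Path base = destDir.toAbsolutePath().normalize();
        Path target;
        try {
            target = base.resolve(unified).normalize();
        } catch (InvalidPathException e) {
            throw new IOException("unrepresentable entry name: " + entryName, e);
        }
        // Path.startsWith compares whole name elements, not string prefixes.
        if (target.equals(base) || !target.startsWith(base)) {
            throw new IOException("entry escapes destination: " + entryName);
        }
        return target;
    }

    public static void main(String[] args) {
        Path dest = Paths.get("extract-out"); // constructed destination
        // Constructed entry names, not taken from a real archive.
        String[] names = {"docs/readme.txt", "docs\\readme.txt",
                          "..\\..\\outside.txt", "a/..\\..\\outside.txt"};
        for (String name : names) {
            String verdict;
            try {
                verdict = "accepted -> " + resolveInside(dest, name);
            } catch (IOException e) {
                verdict = "rejected (" + e.getMessage() + ")";
            }
            System.out.println(name + " | naive=" + naiveLooksSafe(name) + " | " + verdict);
        }
    }
}
```

The containment check is lexical: it does not resolve symbolic links that already exist under the destination, which needs a separate `toRealPath()` check on the parent directory before writing.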

Reproduction

This finding was identified by static analysis and has not yet been dynamically reproduced. The Technical Details section above describes the code path; a trigger input is not included.

[No reproducer or sanitizer output attached — request from cvd@anthropic.com if needed.]

Acknowledgement

This vulnerability was discovered by Claude, Anthropic's AI assistant, and triaged by the Anthropic security team in collaboration with Anthropic Research. Please direct questions to security-cvd@anthropic.com and reference ANT-2026-9VJ9JJXQ.


Reference: ANT-2026-9VJ9JJXQ
Anthropic CVD Policy: https://anthropic.com/security/cvd-policy

UPSTREAM FIX

https://github.com/junrar/junrar/security/advisories/GHSA-j273-m5qq-6825

TIMELINE

Dates from discovery through public reveal.

  1. 2026-02-27 Patch released
  2. 2026-03-29 Reported to tracker
  3. 2026-05-08 Sent to maintainer
  4. 2026-05-08 Maintainer acknowledged
  5. 2026-05-20 Publicly revealed

PROVENANCE

SHA-3-512 hash:

13bbdaec20acded7c4956102a40ff8d229d80f0392e67a98291fdb9596eb048217b4402ddd65a0d4ac1ca6f95eea4854a0fba28e33811baddae7e5857dcbdb1f

Committed 2026-05-08 09:37 PT

Revealed 2026-05-20 00:40 PT

Preimage JSON:
{
  "ant_id": "ANT-2026-9VJ9JJXQ",
  "bug_class": "Path Traversal",
  "claude_severity": "high",
  "commit_sha": null,
  "created_at": "2026-03-29T20:45:57+00:00",
  "description": "Arbitrary file write due to backslash path traversal.",
  "discovered_at": null,
  "location": null,
  "poc_sha256": null,
  "preimage_version": 1,
  "project": "junrar",
  "reproduction": null,
  "technical_details": "Path sanitization fails to account for backslash (`\\`) as a directory separator, allowing traversal sequences to bypass checks and write files to arbitrary locations.",
  "title": "Arbitrary file write due to backslash path traversal",
  "vendor_severity": null
}