<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-20T14:57:45.701219+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2f8d8b71-06f9-4c1f-9370-9f8d906528d6/export</id>
    <title>2f8d8b71-06f9-4c1f-9370-9f8d906528d6</title>
    <updated>2026-06-20T14:57:46.128845+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "2f8d8b71-06f9-4c1f-9370-9f8d906528d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12565", "type": "seen", "source": "https://gist.github.com/alon710/8812bad8b22fe18c159a9af87742e425", "content": "# CVE-2026-12565: CVE-2026-12565: Arbitrary File Write via Path Traversal in BBOT unarchive Module\n\n&amp;gt; **CVSS Score:** 5.3\n&amp;gt; **Published:** 2026-06-18\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-12565\n\n## Summary\nCVE-2026-12565 is a medium-severity path traversal (Zip-Slip) vulnerability within the internal unarchive module of the BBOT (Black Lantern Security) OSINT framework. The vulnerability exists due to a failure to validate target paths before extracting archives using host-level command-line utilities. This allows remote, unauthenticated attackers to write arbitrary files outside of the target extraction folder on environments running legacy versions of GNU tar.\n\n## TL;DR\nUnauthenticated remote attackers can write arbitrary files and potentially achieve remote code execution via a directory traversal exploit in BBOT's unarchive module when executed on legacy platforms.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-22\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1**: 5.3 (Medium)\n- **EPSS Score**: 0.00208 (Percentile: 10.84%)\n- **Impact**: Arbitrary File Write / Potential Remote Code Execution\n- **Exploit Status**: Proof of Concept (PoC)\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- BBOT framework (versions 2.3.1 to 2.8.4)\n- Operating systems utilizing GNU tar &amp;lt; 1.34 (Ubuntu 20.04 LTS, Debian 10 Buster, CentOS 7, legacy Docker base images)\n- **BBOT**: &amp;gt;= 2.3.1, &amp;lt;= 2.8.4 (Fixed in: `Post-2.8.4 patch release`)\n\n## Mitigation\n\n- Upgrade GNU tar on the host system to version 1.34 or later.\n- Run BBOT under non-root users and within containerized environments configured with read-only root filesystems.\n- Manually intercept and validate archive structures prior to invoking external extraction commands.\n\n**Remediation Steps:**\n1. Identify environments running BBOT with legacy GNU tar versions (Ubuntu 20.04, CentOS 7).\n2. Install GNU tar version 1.34+ or migrate to modern base container images (such as Ubuntu 22.04+).\n3. Restrict container write permissions using security constraints like '--read-only' and isolate mount points.\n\n## References\n\n- [Black Lantern Security Vulnerable Commit](https://github.com/blacklanternsecurity/bbot/commit/4fb38fd6e77cbf43b198ee8ddbaf380a9eb69d09)\n- [Official CVE Record](https://www.cve.org/CVERecord?id=CVE-2026-12565)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-12565) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-18T17:11:50.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2f8d8b71-06f9-4c1f-9370-9f8d906528d6/export"/>
    <published>2026-06-18T17:11:50+00:00</published>
  </entry>
</feed>
