{"id":"PYSEC-2026-787","summary":"Path traversal in binwalk","details":"A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 inclusive. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through and including 2.3.3.","aliases":["CVE-2022-4510","GHSA-3cm8-v4mc-gppg"],"modified":"2026-07-07T11:45:43.106389018Z","published":"2026-07-07T10:17:27.146365Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4510"},{"type":"WEB","url":"https://github.com/ReFirmLabs/binwalk/pull/617"},{"type":"PACKAGE","url":"https://github.com/ReFirmLabs/binwalk"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/12/msg00022.html"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202309-07"},{"type":"PACKAGE","url":"https://pypi.org/project/binwalk"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-3cm8-v4mc-gppg"}],"affected":[{"package":{"name":"binwalk","ecosystem":"PyPI","purl":"pkg:pypi/binwalk"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.1.2b"},{"fixed":"2.3.4"}]}],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/binwalk/PYSEC-2026-787.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}