CVE-2026-26157
Published: 11 February 2026
Summary
CVE-2026-26157 is a high-severity External Control of File Name or Path (CWE-73) vulnerability in Busybox (inferred from references). Its CVSS base score is 7.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 29.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7022
Vulnerability details
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to…
more
arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in BusyBox archive extraction directly enables arbitrary file overwrite of sensitive system files, facilitating local privilege escalation to achieve code execution.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Rejects externally supplied file or resource identifiers that fail validity checks.