{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41530", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-04-21T00:48:03.452Z", "datePublished": "2026-05-12T05:21:10.823Z", "dateUpdated": "2026-05-12T05:21:10.823Z"}, "containers": {"cna": {"affected": [{"vendor": "Chitora soft", "product": "Lhaz", "versions": [{"version": "2.6.3 and earlier", "status": "affected"}]}, {"vendor": "Chitora soft", "product": "Lhaz+", "versions": [{"version": "3.6.3 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name, then the archived files may be extracted to an unexpected folder."}], "problemTypes": [{"descriptions": [{"description": "Improper limitation of a pathname to a restricted directory ('Path Traversal')", "lang": "en-US", "cweId": "CWE-22", "type": "CWE"}]}], "references": [{"url": "https://www.chitora.com/jvn68350834.html"}, {"url": "https://jvn.jp/en/jp/JVN68350834/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 4.6, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-05-12T05:21:10.823Z"}}}}

{}

{}

{}

{}