Chitora Soft Lhaz and Lhaz+ Path Traversal Vulnerability

Vulnerability

A path traversal vulnerability has been identified in Lhaz and Lhaz+ by Chitora Soft, affecting Lhaz versions through 2.6.3 and Lhaz+ versions through 3.6.3. The vulnerability arises in the automatic folder creation feature, which does not properly handle archive file names. When this feature is enabled and a user extracts an archive with a manipulated file name, the extracted files may end up in an unintended directory, potentially leading to the execution of malicious code.
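
The kind of validation an automatic folder creation feature needs before it extracts anything, as an added example (this is not Chitora Soft's code). The advisory does not say how Lhaz derives the folder name, so the derivation in `folder_name_from_archive`, the other function names and the sample file names are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

FORBIDDEN = set('<>:"/\\|?*')  # characters not allowed in a Windows file name

class UnsafeArchiveName(ValueError):
    """The archive file name cannot be turned into a safe folder name."""

def folder_name_from_archive(archive_filename: str) -> str:
    """Assumed derivation: the archive's file name minus its last extension."""
    stem, dot, _ext = archive_filename.rpartition(".")
    return stem if dot else archive_filename

def is_inside(base_dir: str, target: str) -> bool:
    """True only if target, once normalized, is strictly below base_dir."""
    base = ntpath.normcase(ntpath.normpath(base_dir))
    full = ntpath.normcase(ntpath.normpath(target))
    try:
        return full != base and ntpath.commonpath([base, full]) == base
    except ValueError:  # different drives, or absolute mixed with relative
        return False

def safe_extract_dir(base_dir: str, archive_filename: str) -> str:
    """Return the folder to create under base_dir, or raise UnsafeArchiveName."""
    name = folder_name_from_archive(archive_filename)
    # Rejects "", "." and ".."; Windows also drops trailing dots and spaces,
    # so the folder actually created would differ from the string checked.
    if not name or name[-1] in ". ":
        raise UnsafeArchiveName(f"bad folder name from {archive_filename!r}")
    if FORBIDDEN & set(name) or any(ord(c) < 32 for c in name):
        raise UnsafeArchiveName(f"separator or reserved character in {name!r}")
    target = ntpath.join(base_dir, name)
    # Defense in depth: confirm containment on the final, normalized path.
    if not is_inside(base_dir, target):
        raise UnsafeArchiveName(f"{target!r} is outside {base_dir!r}")
    return ntpath.normpath(target)

if __name__ == "__main__":
    base = r"C:\Users\alice\Desktop"  # constructed sample destination
    # Constructed sample archive file names, not taken from the advisory.
    for sample in ["report.zip", "...zip", "..\\..\\x.zip", "D:x.lzh", ".zip"]:
        try:
            print(f"{sample!r:18} -> {safe_extract_dir(base, sample)}")
        except UnsafeArchiveName as exc:
            print(f"{sample!r:18} -> rejected: {exc}")
```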

Impact

Exploiting this vulnerability could allow malicious files to be extracted to an unintended directory, where they might be executed, potentially giving an attacker full control over the affected computer.

Remediation

Users of Lhaz should update to version 2.6.4, and users of Lhaz+ should update to version 3.6.4. The updated versions can be downloaded from the Chitora Soft website.

Added: May 12, 2026, 6:19 AM
Updated: May 12, 2026, 6:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.2
remediation: 7.9
relevance: 8.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.