Class based , object oriented programming language. Designed to have less dependencies as possible. The syntex of Java is smilier to C and C++. Commonly used for client-server applications. Java files are compiled by JVM (Java Virtual Machine)

Java

### Summary
A path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted.
### Example
Given an extraction directory set to `/tmp/extract`, a crafted archive with an entry with the filename as `../extract_evil/file.txt` would be actually extracted to `/tmp/extract_evil/file.txt`.
### Details
The `createDirectory()` and `createFile()` methods in`LocalFolderExtractor` validate extraction paths using a string prefix.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-40478	CRITICAL	9	Java	org.thymeleaf:thymeleaf	No	Yes	Apr 15, 2026
CVE-2026-40477	CRITICAL	9	Java	org.thymeleaf:thymeleaf	No	Yes	Apr 15, 2026
GHSA-vp6r-9m58-5xv8	HIGH	8.1	Java	org.omnifaces:omnifaces	No	Yes	Apr 16, 2026
GHSA-hf5p-q87m-crj7	MEDIUM	5.9	Java	com.github.junrar:junrar	No	Yes	Apr 16, 2026
CVE-2026-34164	MEDIUM	4.9	Java	com.ritense.valtimo:inbox	No	Yes	Apr 16, 2026

GHSA-hf5p-q87m-crj7:
Java vulnerability analysis and mitigation

Summary

Example

Details

5.9

Related Java vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

GHSA-hf5p-q87m-crj7: Java vulnerability analysis and mitigation