Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2026-14966: CWE-59 Improper Link Resolution Before File Access ('Link Following') in Black Lantern Security BBOT

0
Low
VulnerabilityCVE-2026-14966cvecve-2026-14966cwe-59
Published: 07/08/2026 (07/08/2026, 15:03:47 UTC)
Source: CVE Database V5
Vendor/Project: Black Lantern Security
Product: BBOT

Description

BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted during a scan (for example via filedownload), bypassed the guard and caused an attacker-controlled symlink to be written into the extraction directory. The effect is limited to planting the symlink (its target is not written through), and only hosts using such a legacy p7zip build are affected; current mainline 7-Zip is not.

CVSS v3.1

Score 3.1low

Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected software

GitHub Actionsmore threats →cve
BBOT
pkg:github/BBOT
Affected versions
>=2.3.1 <=2.8.6

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/08/2026, 16:15:30 UTC

Technical Analysis

The BBOT unarchive module attempts to reject archives containing symlink entries before extraction to prevent link following issues. However, for zip and 7z archives produced by legacy p7zip versions, the module fails to detect symlinks that have a DOS-attribute prefix before the unix mode in their listing. This bypass allows an attacker to place a symlink controlled by them into the extraction directory during archive extraction, such as during a filedownload scan. The vulnerability is limited to planting the symlink itself; the symlink's target is not overwritten or written through. The issue only affects BBOT versions 2.3.1 through 2.8.6 on hosts using legacy p7zip builds. Current mainline 7-Zip versions are not affected. There is no vendor-provided patch or remediation guidance available at this time.

Potential Impact

An attacker can cause BBOT to write an attacker-controlled symlink into the extraction directory by exploiting improper detection of symlinks in certain archive formats. This could potentially be used to influence subsequent file operations that follow symlinks, but the vulnerability does not allow direct overwriting of symlink targets during extraction. The impact is limited to symlink planting and does not affect confidentiality or availability. The CVSS score is 3.1 (low severity), reflecting limited impact and the requirement for user interaction (UI:R) and high attack complexity (AC:H).

Mitigation Recommendations

No official patch or remediation level has been provided by the vendor. Since the vulnerability depends on using legacy p7zip builds that produce archives with a DOS-attribute prefix, avoiding such legacy archive formats or upgrading to current mainline 7-Zip versions may mitigate the risk. Monitor vendor advisories for any forthcoming patches or official guidance. No immediate action is mandated by the vendor at this time.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Data Version
5.2
Assigner Short Name
BLSOPS
Date Reserved
2026-07-07T15:14:09.717Z
Cvss Version
3.1
State
PUBLISHED
Remediation Level
null

Threat ID: 6a4e73c0c9d9e3dbe3604277

Added to database: 07/08/2026, 15:58:56 UTC

Last enriched: 07/08/2026, 16:15:30 UTC

Last updated: 07/09/2026, 00:27:39 UTC

Views: 10

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses