OESA-2026-1934

The Sleuth Kit (previously known as TASK) is a collection of UNIX-based command line file system forensic tools that allow an investigator to examine NTFS, FAT, FFS, EXT2FS, EXT3FS and ExFAT file systems of a suspect computer in a non-intrusive fashion. The tools have a layer-based design and can extract data from internal file system structures. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown.

Security Fix(es):

A path traversal vulnerability exists in the tskrecover tool of The Sleuth Kit through version 4.14.0. An attacker can craft a malicious filesystem image containing filenames or directory paths with path traversal sequences (e.g., /../). When processed by tskrecover, this can cause files to be written to arbitrary locations outside the intended output directory. This could potentially lead to code execution by overwriting critical files such as shell configuration files or cron entries.(CVE-2026-40024)

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parsesusp() function trusts lenid, lendes, and lensrc fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SUSP block. An attacker can craft a malicious ISO image that causes reads past the end of the SUSP data buffer, and a zero-length SUSP entry can trigger an infinite parsing loop.(CVE-2026-40026)