RARLAB UnRAR Directory Traversal Vulnerability (CVE-2022-30333)
RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation.
A remote attacker, without authentication, can achieve partial data exposure, arbitrary modification of data. CISA has confirmed use of this vulnerability in known ransomware campaigns — treat as high priority for remediation. Federal agencies are required to remediate by 2022-08-30 under CISA BOD 22-01.
This is a Path Traversal (CWE-22) vulnerability in RARLAB UnRAR. Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.
📧
Phishing link
🖼
Malicious file
🔓
Server compromised
Probably yes if any of these apply:
Used in known ransomware campaigns. Threat-research write-up: http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html
Manual remediation steps
Apply the Vendor Patch
This vulnerability is in the CISA Known Exploited Vulnerabilities catalog — apply the vendor's security update as soon as possible.
CISA required action: Apply updates per vendor instructions.
References
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.
References
Related vulnerabilities
KB5000871: Windows Server 2016 / 2019 Security Update (May 2026)
Microsoft Exchange Server
CVE-2021-26855
MEDIUM6.5Microsoft Defender for Identity Improper Authentication — Spoofing (CVE-2025-26685)
Microsoft Defender for Identity
CVE-2025-26685
HIGHIIS Security Updates Require Both Windows Update and Manual Configuration Review
Microsoft IIS