An update for sleuthkit is now available for openEuler-24.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1937 Final 1.0 1.0 2026-04-17 Initial 2026-04-17 2026-04-17 openEuler SA Tool V1.0 2026-04-17 sleuthkit security update An update for sleuthkit is now available for openEuler-24.03-LTS-SP1 The Sleuth Kit (previously known as TASK) is a collection of UNIX-based command line file system forensic tools that allow an investigator to examine NTFS, FAT, FFS, EXT2FS, EXT3FS and ExFAT file systems of a suspect computer in a non-intrusive fashion. The tools have a layer-based design and can extract data from internal file system structures. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown. Security Fix(es): A path traversal vulnerability exists in the tsk_recover tool of The Sleuth Kit through version 4.14.0. An attacker can craft a malicious filesystem image containing filenames or directory paths with path traversal sequences (e.g., /../). When processed by tsk_recover, this can cause files to be written to arbitrary locations outside the intended output directory. This could potentially lead to code execution by overwriting critical files such as shell configuration files or cron entries.(CVE-2026-40024) The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS disk image that triggers information disclosure or crashes when processed by any Sleuth Kit tool that parses APFS volumes.(CVE-2026-40025) The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SUSP block. An attacker can craft a malicious ISO image that causes reads past the end of the SUSP data buffer, and a zero-length SUSP entry can trigger an infinite parsing loop.(CVE-2026-40026) An update for sleuthkit is now available for openEuler-24.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High sleuthkit https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1937 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-40024 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-40025 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-40026 https://nvd.nist.gov/vuln/detail/CVE-2026-40024 https://nvd.nist.gov/vuln/detail/CVE-2026-40025 https://nvd.nist.gov/vuln/detail/CVE-2026-40026 openEuler-24.03-LTS-SP1 sleuthkit-4.12.1-3.oe2403sp1.x86_64.rpm sleuthkit-debuginfo-4.12.1-3.oe2403sp1.x86_64.rpm sleuthkit-debugsource-4.12.1-3.oe2403sp1.x86_64.rpm sleuthkit-devel-4.12.1-3.oe2403sp1.x86_64.rpm sleuthkit-help-4.12.1-3.oe2403sp1.x86_64.rpm sleuthkit-4.12.1-3.oe2403sp1.aarch64.rpm sleuthkit-debuginfo-4.12.1-3.oe2403sp1.aarch64.rpm sleuthkit-debugsource-4.12.1-3.oe2403sp1.aarch64.rpm sleuthkit-devel-4.12.1-3.oe2403sp1.aarch64.rpm sleuthkit-help-4.12.1-3.oe2403sp1.aarch64.rpm sleuthkit-4.12.1-3.oe2403sp1.src.rpm A path traversal vulnerability exists in the tsk_recover tool of The Sleuth Kit through version 4.14.0. An attacker can craft a malicious filesystem image containing filenames or directory paths with path traversal sequences (e.g., /../). When processed by tsk_recover, this can cause files to be written to arbitrary locations outside the intended output directory. This could potentially lead to code execution by overwriting critical files such as shell configuration files or cron entries. 2026-04-17 CVE-2026-40024 openEuler-24.03-LTS-SP1 High 8.4 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X sleuthkit security update 2026-04-17 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1937 The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS disk image that triggers information disclosure or crashes when processed by any Sleuth Kit tool that parses APFS volumes. 2026-04-17 CVE-2026-40025 openEuler-24.03-LTS-SP1 Medium 4.4 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L sleuthkit security update 2026-04-17 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1937 The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SUSP block. An attacker can craft a malicious ISO image that causes reads past the end of the SUSP data buffer, and a zero-length SUSP entry can trigger an infinite parsing loop. 2026-04-17 CVE-2026-40026 openEuler-24.03-LTS-SP1 Medium 4.4 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L sleuthkit security update 2026-04-17 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1937