Plattform
other
Komponente
devtoys
Behoben in
2.0.1
CVE-2026-22685 describes a Path Traversal vulnerability discovered in DevToys, a desktop application for developers. This flaw allows attackers to overwrite arbitrary files on a user’s system by crafting malicious extension packages. The vulnerability affects versions 2.0.0.0 through 2.0.8.0, and a fix is available in version 2.0.9.0.
The core of this vulnerability lies in DevToys' extension installation process. When handling NUPKG archives (extension packages), the application fails to adequately validate file paths within these archives. An attacker can exploit this by embedding specially crafted file entries, such as ../../…/target-file, within a malicious extension package. This manipulation tricks the extraction process into writing files to locations outside the intended extensions directory. Consequently, an attacker can overwrite critical system files or configuration files with the privileges of the DevToys process, potentially leading to complete system compromise. The impact is significant, as it allows for arbitrary file overwrites, which can be leveraged for privilege escalation or to install malicious software.
As of the public disclosure date (2026-01-10), there is no indication of active exploitation of CVE-2026-22685. No public proof-of-concept (POC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog. Given the relatively straightforward nature of Path Traversal vulnerabilities and the lack of immediate mitigation options beyond patching, it is reasonable to assume that this vulnerability could become a target for opportunistic attackers.
Developers who utilize DevToys, particularly those who routinely install extensions from various sources, are at heightened risk. Users who have not implemented robust security practices, such as disabling extension installation from untrusted sources, are also more vulnerable. Shared development environments or systems where multiple developers share the same DevToys installation could amplify the impact of a successful exploitation.
• windows / supply-chain: Monitor for unusual file creation activity within the DevToys installation directory (e.g., using Process Monitor). Check Autoruns for suspicious entries related to DevToys extensions.
Get-ChildItem -Path "C:\Program Files\DevToys\Extensions" -Recurse -Force | Where-Object {$_.LastWriteTime -gt (Get-Date).AddDays(-7)} | Sort-Object LastWriteTime• generic web: While not directly applicable to DevToys, monitor network traffic for attempts to access or download DevToys extension packages from untrusted sources.
disclosure
Exploit-Status
EPSS
0.05% (14% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2026-22685 is to upgrade DevToys to version 2.0.9.0 or later, which contains the necessary fix. If an immediate upgrade is not feasible due to compatibility issues or testing requirements, consider isolating DevToys from untrusted networks and disabling the installation of extensions from unknown sources. While a direct WAF rule is unlikely to be effective, monitoring for unusual file creation activity within the DevToys extensions directory could provide early warning signs. After upgrading, verify the fix by attempting to install a known malicious extension package (in a controlled environment) and confirming that the file extraction process is properly restricted.
Actualice DevToys a la versión 2.0.9.0 o posterior. Descargue la última versión desde la página oficial o a través del mecanismo de actualización dentro de la aplicación. Esto corrige la vulnerabilidad de path traversal al instalar extensiones.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-22685 is a Path Traversal vulnerability affecting DevToys versions 2.0.0.0 through 2.0.8.0, allowing attackers to overwrite files by crafting malicious extension packages.
You are affected if you are using DevToys versions 2.0.0.0 to 2.0.8.0. Upgrade to 2.0.9.0 or later to mitigate the risk.
Upgrade DevToys to version 2.0.9.0 or later. If immediate upgrade is not possible, isolate DevToys and disable extension installation from untrusted sources.
There is currently no evidence of CVE-2026-22685 being actively exploited.
Refer to the official DevToys release notes and security advisories on the developer's website for the most up-to-date information.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.