REPRO-2026-00090 HIGH Path Traversal Verified

WinRAR ADS Path Traversal — Arbitrary Code Execution via Crafted Archive (CVE-2025-8088)

Feb 17, 2026

Open in Codespaces Download Script

Confidence HIGH

Reproduced in 123m 42s

Tool calls 548

What's the vulnerability?

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Root Cause Analysis

One Command

Verify with pruva-verify

Run the Pruva CLI to automatically fetch and execute the reproduction script.

pruva-verify REPRO-2026-00090

or pruva-verify GHSA-832g-3rcm-wcrf

or pruva-verify CVE-2025-8088

Install: curl -fsSL https://pruva.dev/install.sh | sh

Or Run Manually

1

Download the script

curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00090/artifacts/repro/reproduction_steps.sh

2

Make executable

chmod +x reproduction_steps.sh

3

Run the script

./reproduction_steps.sh

Run in a VM, container, or disposable environment. This exploits a real vulnerability.

How Pruva Reproduced This

Watch the AI agent's step-by-step process.

Loading session...

Artifacts

repro/rca_report.md2.5 KB

repro/reproduction_steps.sh0.2 KB

bundle/ticket.md1.7 KB

bundle/ticket.json5.0 KB

bundle/source.json2.6 KB

repro/reproduction_steps.ps14.2 KB