CVE-2023-38831

Name: CVE-2023-38831
Creator: NVD / NIST
Published: 2023-08-23T17:15:43.863+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10Actively ExploitedEPSS 97.80%

Last modified Jun 17, 2026

CVE-2023-38831 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. CISA has confirmed active exploitation in the wild. EPSS estimates a 97.80% chance of exploitation in the next 30 days.

Description

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

97.80%

99.9th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Sep 14, 2023.

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Rarlab	Winrar	< 6.23

References

http://packetstormsecurity.com/files/174573/WinRAR-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/Exploit, Third Party Advisory
https://news.ycombinator.com/item?id=37236100Issue Tracking
https://www.bleepingcomputer.com/news/security/winrar-zero-day-exploited-since-april-to-hack-trading-accounts/Exploit, Press/Media Coverage, Third Party Advisory
https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/Exploit, Press/Media Coverage, Third Party Advisory
http://packetstormsecurity.com/files/174573/WinRAR-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/Exploit, Third Party Advisory
https://news.ycombinator.com/item?id=37236100Issue Tracking
https://www.bleepingcomputer.com/news/security/winrar-zero-day-exploited-since-april-to-hack-trading-accounts/Exploit, Press/Media Coverage, Third Party Advisory
https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/Exploit, Press/Media Coverage, Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-38831US Government Resource

Timeline

Published: Aug 23, 2023
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2023-38831?

How severe is CVE-2023-38831?

CVE-2023-38831 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 97.80% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2023-38831?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-38831?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST