- Description
- RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- winrar
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- RARLAB WinRAR Code Execution Vulnerability
- Exploit added on
- Aug 24, 2023
- Exploit action due
- Sep 14, 2023
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
🔒 #CyberSecurity CVE-2023-38831: WinRAR Exploitation by Amaranth-Dragon — Detection and Hardenin… "Security teams must prioritize patching WinRAR immediately following confirmed reports of…" 🔗 https://t.co/wUvTg97wU9 #CyberSecurity #ThreatIntel #vulnerability #cve
@SecurityAr58409
15 Apr 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1/ 🚨 WinRAR Zero-Day (CVE-2023-38831) — actively exploited in the wild. Attackers crafted ZIP archives that execute arbitrary code when users open seemingly innocent files. Over 500M WinRAR users were at risk. Here's how the attack works 🧵 https://t.co/pcxlavDa4V
@projectzerosum
6 Mar 2026
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
تحذير من ثغرة في WinRAR تستخدم للسيطرة على أنظمة ويندوز Google تحذر من ثغرة حرجة في WinRAR، برنامج ضغط الملفات الشهير. يستغل المهاجمون هذه الثغرة للوصول غير المصر
@MisbarSec
29 Jan 2026
92 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical WinRAR Flaw CVE-2023-38831 Still Exploited by APTs Advanced Persistent Threat groups continue exploiting critical WinRAR vulnera... #CyberSecurity #Windows https://t.co/lgMAGQbrh0
@ctrlaltnod
29 Jan 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
'Informe FUNDAE - Monica Seara Fernandez zip' seen from Spain @abuse_ch https://t.co/oNGNTgmC7Z CVE-2023-38831 exploit as an attachment. @skocherhan https://t.co/PILh5fO3SP
@smica83
12 Jan 2026
834 Impressions
2 Retweets
7 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨 Critical Vulnerability in WinRAR (CVE-2023-38831) 🚨 WinRAR versions <6.23 allow attackers to execute arbitrary code through malicious RAR files. Update to v6.23 ASAP to stay secure! 🔗 Learn more: https://t.co/sjsaikywr6 #CVE2023 #WinRAR #CyberSecurity #UpdateNow
@KillerFungi2022
27 Dec 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2023-38831] is a WinRAR ZIP-handling flaw that lets an archive include a benign file and a same-named folder whose contents are processed — enabling arbitrary code execution when a user opens the benign file. https://t.co/PHkzgUuM4L https://t.co/CGDf8BM5BK
@TweetThreatNews
24 Sept 2025
262 Impressions
0 Retweets
3 Likes
2 Bookmarks
1 Reply
0 Quotes
Just published my blog on cve-2023-38831 WinRAR Shared my learning, exploring the vulnerability, exploitation and its impact. I'd love to hear any feedback https://t.co/taFObDu5lA
@alexrider04
21 Sept 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I have added the fancy_bear tag to KEVIntel to all the vulnerabilities mentioned in the latest CISA advisory • CVE-2023-23397 • CVE-2020-12641 • CVE-2020-35730 • CVE-2021-44026 • CVE-2023-38831 https://t.co/ZrIVvM3JXC
@ethicalhack3r
22 May 2025
248 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: WinRAR and Microsoft Exchange Vulnerabilities 📅 Timeline: Disclosure: 2021-03-03, Patch: 2021-04-16 📌 Attribution: Notable Threat Actors 🆔cveId: CVE-2023-38831, CVE-2021-26855 📏cvssMetrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H cvssSeverity:…
@syedaquib77
15 Mar 2025
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨#APT #Bitter Alert🚨 📁 c12ea05baf94ef6f0ea73470d70db3b2 M6XA.rar Lure: "Details of Courses for Special Forces, Details of All Arms Courses" Contains: PDF, LNK, & batch files Exploits CVE-2023-38831 🔗 C2: hxxp://149.154.153.184/loccs.php?cn=%computername%--%username%
@ginkgo_g
5 Mar 2025
3070 Impressions
6 Retweets
14 Likes
4 Bookmarks
0 Replies
1 Quote
🚨Threat Campaign Alert - UAC-0099 Targets Ukrainian Government with Espionage Campaign Using WinRAR Exploit (CVE-2023-38831) and LONEPAGE Malware🚨 Summary: The UAC-0099 threat group has targeted Ukrainian government organizations with phishing emails exploiting WinRAR… https:/
@CyberxtronTech
17 Dec 2024
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WinRAR security flaw #CVE-2023-38831 allows attacker to execute arbitrary code when user attempt to view benign file within ZIP archive CVE to deliver multiple malicious files APT-K-47 to deliver #Asyncshell which was found to leverage WinRAR security flaw https://t.co/x2JCwzcIK4
@7Ej4_
25 Nov 2024
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware Initial attack chains distributing the malware have been found to leverage the WinRAR security flaw (CVE-2023-38831, CVSS score: 7.8) to trigger the infection #CyberSecurity #CyberSecurityAwareness… https://
@letsexploit
24 Nov 2024
25 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
hxxps://adp-auth.com/ cve-2023-38831 exploitation #stealc malware download: hXxps://adp-auth.com/land/Automatic_Data_Processing_Terms_and_Conditions.rar https://t.co/IvlO44M9tO https://t.co/wcIoO2owYW
@banthisguy9349
10 Nov 2024
2125 Impressions
7 Retweets
43 Likes
7 Bookmarks
4 Replies
2 Quotes
Did you know that you can create both a file and a directory with the exact same name in a ZIP? You won't be able to unzip it like this on any file system, but hey, you can do it! It's why CVE-2023-38831 happened in winrar https://t.co/3a0x7wdUoL https://t.co/Lz4f4ZuPLQ
@BarrellTitor44
5 Nov 2024
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A586AE4C-6F08-4E96-B74C-AA0A7BF4F2DD",
"versionEndExcluding": "6.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]