discovered 30 Mar 2026
CVE-2023-38831-winrar-exploit
→ View on GitHubAI Summary: The CVE-2023-38831 winrar exploit generator is a tool designed to create proof-of-concept (PoC) exploits for a recently discovered vulnerability in WinRAR versions up to 6.22. It allows users to customize bait files, such as images or documents, along with malicious script files to generate a malicious RAR archive. Notable features include an easy-to-use command-line interface for generating exploits and the ability to customize payloads according to user specifications.
README
CVE-2023-38831 winrar exploit generator
Quick poc test
Generate the default poc for test
python cve-2023-38831-exp-gen.py poc
or
python cve-2023-38831-exp-gen.py CLASSIFIED_DOCUMENTS.pdf script.bat poc.rar
Custom
- Place the bait file and (evil) script file in the current directory, the bait file is recommended to be an image (.png, jpg) or a document (.pdf)
- Run
python cve-2023-38831-exp-gen.py <bait name> <script name> <output name>to generate your exploit
Screenshots
Infected version: winrar <= 6.22
Analysis Blog
https://b1tg.github.io/post/cve-2023-38831-winrar-analysis/
Reference
https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/