Sentinel update: Sleuth Kit and ALEAPP fixes are now public
This Sentinel update covers newly public work as of March 5, 2026. Since our February update, we can now point to public upstream fixes for three Sleuth Kit findings and one ALEAPP issue.
Sleuth Kit
tsk_recover Path Traversal (High)
Issue: `tsk_recover` built export paths by combining investigator-selected output roots with attacker-controlled on-disk names, without rejecting traversal components.
Impact: A crafted image could write files outside the intended recovery directory and contaminate the analyst workstation.
Public fix: a3f96b3bc
APFS Keybag Parser OOB Read (Medium)
Issue: the wrapped key parser walked a TLV-style buffer without tracking the end of the buffer.
Impact: Crafted APFS data could drive out-of-bounds reads or hang parsing.
Public fix work: PR #3444
ISO9660 SUSP ER Length Trust OOB Read (Medium)
Issue: the ER parser trusted internal length fields without validating them against the entry boundary.
Impact: Crafted ISO images could trigger out-of-bounds reads during analysis.
Public fix work: PR #3445
ALEAPP
NQ Vault Path Traversal / RCE (Critical)
Issue: ALEAPP used attacker-controlled filenames from NQ Vault data when writing decrypted files, allowing traversal outside the report directory.
Impact: A malicious device could write examiner-controlled files to arbitrary locations, creating a path to workstation compromise.
Public fix: PR #669
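The tsk_recover and NQ Vault entries above share one root cause: a name read from evidence is joined to an output directory with no containment check. The sketch below is an added example of that check, not code from Sleuth Kit, ALEAPP or either upstream fix; `safe_export_path`, `classify` and the sample names are hypothetical and constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

class UnsafeNameError(ValueError):
    """An evidence-supplied name would land outside the export root."""

def safe_export_path(root, untrusted_name):
    """Return a path under root for a name read from evidence, or raise."""
    root = Path(root).resolve()
    # Names stored in an image may use either separator, whatever the host OS.
    parts = [p for p in untrusted_name.replace("\\", "/").split("/")
             if p not in ("", ".")]
    if not parts or any(p == ".." or "\x00" in p for p in parts):
        raise UnsafeNameError(f"rejected name {untrusted_name!r}")
    candidate = root.joinpath(*parts).resolve()
    # Re-check after resolution: a symlink already under root can still redirect.
    try:
        candidate.relative_to(root)
    except ValueError:
        raise UnsafeNameError(f"{untrusted_name!r} resolves outside {root}") from None
    return candidate

# Constructed sample names, as they might be read from an image or app database.
CONSTRUCTED_NAMES = [
    "docs/report.txt",
    "/abs/name.bin",            # leading separator is dropped, stays under root
    "../../etc/cron.d/job",
    "a\\..\\..\\b.exe",
    "link/escape.txt",          # "link" is a symlink planted under root
]

def classify(root, names):
    """Map each name to 'ok' or 'rejected' for the given export root."""
    result = {}
    for name in names:
        try:
            safe_export_path(root, name)
            result[name] = "ok"
        except UnsafeNameError:
            result[name] = "rejected"
    return result

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as out:
        os.symlink(out, os.path.join(root, "link"))
        for name, verdict in classify(root, CONSTRUCTED_NAMES).items():
            print(f"{verdict:8} {name!r}")
```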
Current Sentinel index
The Sentinel page remains the running public index of disclosed vulnerabilities and remediation status across our reviews.
