Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Directory Traversal CVE-2026-23745

Summary node-tar is used by the IBM Datapower Operations Dashboard as part of their server implementation Vulnerability Details CVEID:CVE-2026-23745 DESCRIPTION: node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries wh...

linux-sgx security update

An update is available for linux-sgx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Intel SGX SDK is a collection of APIs, libraries, documentations and...

Important: Red Hat Security Advisory: linux-sgx security update

An update for linux-sgx is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

[SECURITY] [DLA 4552-1] node-tar security update

Debian LTS Advisory DLA-4552-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert April 29, 2026 https://wiki.debian.org/LTS Package : node-tar Version : 6.0.5+ds1+cs11.3.9-1+deb11u3 CVE ID : CVE-2024-28863 CVE-2026-23745 CVE-2026-24842 CVE-2026-26960 CVE-2026-29786...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz Vulnerability Details CVEID:CVE-2026-23745 DESCRIPTION: node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is fals...

Atlassian Jira Service Management Data Center and Server 5.15.2 < 10.3.18 / 10.4.x < 11.3.3 (JSDSERVER-16528)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16528 advisory. - node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link...

Security Bulletin: Vulnerabilities in affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2026-23745 DESCRIPTION: node-tar is a Ta...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-tar which is vulnerable to CVE-2026-23745

Summary IBM Maximo Application Suite - Visual Inspection component uses node-tar which is vulnerable to CVE-2026-23745, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-23745 DESCRIPTION: node-tar is a Tar for Node.js. The...

Fedora 43 : linux-sgx (2026-a84e0ad039)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a84e0ad039 advisory. Update nodejs modules used by pccs daemon for CVE-2026-23745, CVE-2026-23950, CVE-2026-24842, CVE-2025-13465, CVE-2025-15284. Remove Fedora override...

Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway

Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an...

SUSE CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

CVE-2026-23745 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards, npm, node-gyp, kubeflow-pipelines, tileserver-gl, code-server, saf, prism, renovate, kubeflow-centraldashboard, sqlpad, vitess, lerna, pulumi...

CVE-2026-23745

creationtimestamp| type| source ---|---|--- 2026-01-16 23:31:25+00:00| seen| https://bsky.app/profile/ytroncal.bsky.social/post/3mclaynr4fs2x 2026-01-17 01:33:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mclhth2vfa2k 2026-01-17 12:00:53+00:00| seen|...

CVE-2026-23745 node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

org.webjars.npm:canvas (>=2.5.0 <=2.6.0), org.webjars.npm:color-thief (=2.2.5) +12 more potentially affected by CVE-2026-23745 via org.webjars.npm:tar (>=0.1.20 <=4.4.19)

org.webjars.npm:tar MAVEN version =0.1.20, =2.5.0, =0.97.5, =0.2.0, =3.4.0, =0.6.19, =2.0.0, =3.1.4, =3.4.1 - org.webjars.npm:tar.gz =1.0.7 Source cves: CVE-2026-23745 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15032661...

0pflow (>=0.1.0-dev.0de2bc6 <=0.1.0-dev.f5622ac), 10t-images-to-pdf (=1.0.3) +12794 more potentially affected by CVE-2026-23745 via tar (>=7.0.0 <=7.5.2)

tar NPM version =7.0.0, =0.1.0-dev.0de2bc6, =0.0.1, =3.1.2, =1.0.1, =4.11.0, =1.0.1, =1.31.1, =2.0.0, =0.1.0, =0.1.0, =1.7.0-beta.7, =0.1.0, =0.1.7 and more Source cves: CVE-2026-23745 Source advisory: SNYK:JS-TAR-15032660...