Lucene search
K

17 matches found

Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-56053

Name of the Vulnerable Software and Affected Versions @xhmikosr/decompress versions prior to 10.2.1 @xhmikosr/decompress versions prior to 11.1.3 decompress versions prior to 4.3.0 Description When extracting archives to a directory, a crafted archive can read or write files outside that director...

9.1CVSS6AI score
Exploits0References8
Mageia
Mageia
added 2026/06/24 5:41 a.m.6 views

Updated perl-Archive-Tar package fixes security vulnerabilities

The updated package fixes security vulnerabilities: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. CVE-2026-42496 Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the...

9.1CVSS5.8AI score0.00437EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in node-tar

node-tar is a fully featured Tar library for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink within the extraction directory that points to a file outside of the extraction root. This allows arbitrary file reading and writing b...

7.1CVSS6.5AI score0.00288EPSS
Exploits1References2
OSV
OSV
added 2026/03/07 4:15 p.m.3 views

DEBIAN-CVE-2026-29786

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Th...

6.3CVSS5.8AI score0.00408EPSS
Exploits2References1
OSV
OSV
added 2026/03/07 4:15 p.m.4 views

UBUNTU-CVE-2026-29786

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Th...

8.6CVSS5.8AI score0.00408EPSS
Exploits2References4
GithubExploit
GithubExploit
added 2026/03/05 10:53 p.m.253 views

Exploit for CVE-2026-29786

CVE-2026-29786 Research: Joshua van Rijswijkhttps://gi...

6AI score0.00408EPSS
Exploits2
SUSE CVE
SUSE CVE
added 2026/02/21 12:23 a.m.2 views

SUSE CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS5.8AI score0.00288EPSS
Exploits1References3
OSV
OSV
added 2026/02/20 2:16 a.m.6 views

DEBIAN-CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS6.2AI score0.00288EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/02/20 2:16 a.m.5 views

CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS5.8AI score0.00288EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/20 1:7 a.m.31 views

CVE-2026-26960 node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS0.00288EPSS
Exploits1References3
CVE
CVE
added 2026/02/20 1:7 a.m.59 views

CVE-2026-26960

CVE-2026-26960 affects node-tar (Node.js tar handling). In versions 7.5.7 and earlier, a crafted archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary read/write by the extracting user. Root cause: using default options...

7.1CVSS5.6AI score0.00288EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/20 1:7 a.m.4 views

CVE-2026-26960 node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS5.6AI score0.00288EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/02/20 1:7 a.m.7 views

CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS5.7AI score0.00288EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/02/20 1:7 a.m.6 views

CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS6.2AI score0.00288EPSS
Exploits1
OSV
OSV
added 2026/02/20 1:7 a.m.5 views

CVE-2026-26960 node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS5.7AI score0.00288EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/02/18 12:57 a.m.12 views

Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction

Summary tar.extract in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options. This enables arbitrary file read and write as the extracting user no root, no chmod, no preservePath...

7.1CVSS5.5AI score0.00288EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/18 12:57 a.m.9 views

GHSA-83G3-92JG-28CX Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction

Summary tar.extract in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options. This enables arbitrary file read and write as the extracting user no root, no chmod, no preservePath...

7.1CVSS5.9AI score0.00288EPSS
Exploits1References5
Rows per page
Query Builder