CVE-2026-59875
CVE-2026-59875 affects the Node.js tar library node-tar prior to 7.5.17. The root cause is that NUL bytes are not stripped from PAX path and linkpath records in src/pax.ts, which can allow a crafted archive to reach fs.lstat or fs.open and terminate the process with an uncaught exception. The iss...