2 matches found
GHSA-9PPJ-QMQM-Q256 node-tar Symlink Path Traversal via Drive-Relative Linkpath
Summary: tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Details: The extraction logic in...
Exploit for CVE-2026-29786
CVE-2026-29786 Research: Joshua van Rijswijk https://gi...