Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS

TITLE: Race Condition in node-tar Path Reservations via Unicode Sharp-S ß Collisions on macOS APFS AUTHOR: Tomás Illuminati Details A race condition vulnerability exists in node-tar v7.5.3 this is to an incomplete handling of Unicode path collisions in the path-reservations system. On...

CVE-2026-23950

node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, In which it has...

CVE-2026-23950 node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS

node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, In which it has...