cve 2026-32288
About this tag
CVE-2026-32288 is a memory denial-of-service vulnerability in Go's archive/tar package, specifically in the tar.Reader when processing malicious archives using the old GNU sparse map format. Microsoft's security guidance highlights its impact on Azure Linux and container tooling, where unbounded memory consumption can occur. While not a Windows desktop issue, this flaw affects cloud images, CI pipelines, and Linux-on-Microsoft environments that rely on tar files. The vulnerability underscores the risk of trusting tar archives in modern systems, making it relevant for enterprise IT and security teams managing containerized workloads or Linux-based infrastructure on Microsoft platforms.
Microsoft’s security guidance for CVE-2026-32288 identifies an April 2026 Go archive/tar flaw in which tar.Reader can consume unbounded memory while parsing malicious archives that abuse the old GNU sparse map format. The bug is not a Windows desktop catastrophe, but it is exactly the sort of...