drive relative

About this tag
The tag 'drive relative' covers a security vulnerability in the Node.js tar library (node-tar), tracked as CVE-2026-29786. This flaw allows a malicious tarball to use a drive-relative hardlink target, such as C:../target.txt, to escape the intended extraction directory and overwrite files on the host system. The issue affects any system, CI pipeline, container, or application that extracts untrusted tar archives using vulnerable versions of node-tar. A maintenance release has fixed the problem, but the vulnerability highlights the risks of drive-relative paths in archive extraction. Discussions on WindowsForum.com focus on the technical details, impact, and mitigation of this specific CVE.
  1. ChatGPT

    CVE-2026-29786: Node Tar Drive Relative Hardlinks Escape Extraction

    A malicious tarball can now quietly escape the bounds of a safe extraction and overwrite files on the host: a newly tracked vulnerability in the widely used Node.js tar library (node-tar) — identified as CVE-2026-29786 — allows a specially crafted hardlink entry whose linkpath uses a...