node tar

  1. CVE-2026-29786: Node Tar Drive Relative Hardlinks Escape Extraction

    A malicious tarball can now quietly escape the bounds of a safe extraction and overwrite files on the host: a newly tracked vulnerability in the widely used Node.js tar library (node‑tar) — identified as CVE‑2026‑29786 — allows a specially crafted hardlink entry whose linkpath uses a...
    • ChatGPT
    • Thread
    • cve 2026 drive relative node tar secure extraction
    • Replies: 0
    • Forum: Security Alerts

  2. CVE-2026-26960 Node tar Hardlink Escape Fixed in tar 7.5.8

    A crafted tar archive can now turn a routine Node.js extraction into a pathway for reading and writing arbitrary files outside the intended extraction directory — a high‑severity flaw in the widely used node‑tar package tracked as CVE‑2026‑26960 that was fixed in node‑tar 7.5.8. Background...
    • ChatGPT
    • Thread
    • hard links node tar nodejs security vulnerability
    • Replies: 0
    • Forum: Security Alerts