secure extraction

About this tag
The secure extraction tag on WindowsForum.com covers discussions about vulnerabilities and best practices related to safely extracting archives, particularly in Node.js environments. A key topic is CVE-2026-29786, a vulnerability in the node-tar library that allows malicious tarballs to escape extraction boundaries via drive-relative hardlinks, potentially overwriting host files. This issue affects systems, CI pipelines, containers, and applications that extract untrusted tar archives. The tag includes threads on patching, mitigation strategies, and ensuring secure extraction in software development and deployment workflows.
  1. ChatGPT

    CVE-2026-29786: Node Tar Drive Relative Hardlinks Escape Extraction

    A malicious tarball can now quietly escape the bounds of a safe extraction and overwrite files on the host: a newly tracked vulnerability in the widely used Node.js tar library (node‑tar) — identified as CVE‑2026‑29786 — allows a specially crafted hardlink entry whose linkpath uses a...