← Zuruck zu CVEs
CVE-2026-23745
MEDIUM6.1
Beschreibung
node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning via absolute symlink targets. This vulnerability is fixed in 7.5.3.
CVE Details
CVSS v3.1 Bewertung6.1
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht1/16/2026
Zuletzt geandert2/18/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
isaacs:tar
Schwachen (CWE)
CWE-22
Referenzen
https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e(security-advisories@github.com)
https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97(security-advisories@github.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.