Gnu · Gnu Tar · CVE-2026-5704
Name of the Vulnerable Software and Affected Versions
GNU tar (affected versions not specified)
Description
A flaw exists in GNU tar that allows a remote attacker to craft a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection. The issue arises because the `-t` (list) and `-x` (extract) options produce different results when processing archives containing non-data-bearing typeflags (symlink, chardev, blockdev, FIFO) with a non-zero size field.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.