CVE-2026-5704

Name of the Vulnerable Software and Affected Versions GNU tar (affected versions not specified)

Description A flaw exists in GNU tar that allows a remote attacker to craft a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection. The issue arises because the -t (list) and -x (extract) options produce different results when processing archives containing non-data-bearing typeflags (symlink, chardev, blockdev, FIFO) with a non-zero size field.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.