PT-2026-43162 · Cpan+1 · Archive Tar+1
Stig Palmquist
·
Published
2026-05-26
·
Updated
2026-06-30
·
CVE-2026-42496
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Archive::Tar versions prior to 3.08
Description
Archive::Tar for Perl allows the extraction of symlinks with attacker-controlled targets located outside the extraction directory. The function
make special file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. While a secure-extract mode exists to guard regular file extraction, it does not cover the symlink target. Consequently, a subsequent open operation through the extracted name can read or write to an attacker-chosen path.Recommendations
Update Archive::Tar to version 3.08 or later.
Exploit
Fix
DoS
Path traversal
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Archive Tar
Rocky Linux