Overview

  • isaacs
  • node-tar

Published: 16 Jan 2026
Updated: 20 Jan 2026

CVSS v4.0: HIGH (8.2)
EPSS: 0.00%

KEV

Description

node-tar is a tar library for Node.js. Versions <= 7.5.2 fail to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). A malicious archive can therefore bypass the extraction root restriction, leading to arbitrary file overwrite via hardlinks and symlink poisoning via absolute symlink targets. The vulnerability is fixed in 7.5.3.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

The latest update for #Foresiet includes "CVE-2026-23745: A Deep Dive into the node-tar Arbitrary File Overwrite Vulnerability" and "Exploiting Monsta FTP: Technical Analysis of CVE-2025-34299". #cybersecurity #infosec https://opsmtrs.com/3J3CMGz