5.5

CVE-2026-5704

Exploit

Tar: tar: hidden file injection via crafted archives

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuTar Version-
RedhatHardened Images Version-
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.095
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
secalert@redhat.com 5 1.3 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://bugzilla.redhat.com/show_bug.cgi?id=2455360
Third Party Advisory
Exploit
Issue Tracking
http://www.openwall.com/lists/oss-security/2026/04/11/10
Third Party Advisory
Exploit
Mailing List
http://www.openwall.com/lists/oss-security/2026/04/12/2
Third Party Advisory
Exploit
Mailing List