CVE-2026-42496
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk34th percentile — higher than 34% of all known CVEs
Summary
Vulnerability in Archive::Tar for Perl before version 3.08 allows extraction of symbolic links pointing to arbitrary paths outside the target directory. The _make_special_file() function does not validate the symlink target path, enabling attackers to overwrite files outside the extraction directory.
Risk Assessment
The risk involves potential remote overwriting of critical system or configuration files via a crafted tar archive, which could lead to system compromise or privilege escalation.
Recommendation
Immediately update Archive::Tar to version 3.08 or later. If updating is not possible, avoid extracting archives from untrusted sources and implement additional path validation mechanisms.
Original NVD description (English source)
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker chosen path.

