CVE Catalog

CVE-2026-42496

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.43%

34th percentile — higher than 34% of all known CVEs

Summary

Vulnerability in Archive::Tar for Perl before version 3.08 allows extraction of symbolic links pointing to arbitrary paths outside the target directory. The _make_special_file() function does not validate the symlink target path, enabling attackers to overwrite files outside the extraction directory.

Risk Assessment

The risk involves potential remote overwriting of critical system or configuration files via a crafted tar archive, which could lead to system compromise or privilege escalation.

Recommendation

Immediately update Archive::Tar to version 3.08 or later. If updating is not possible, avoid extracting archives from untrusted sources and implement additional path validation mechanisms.

Original NVD description (English source)

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker chosen path.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS