THREATOPS
THREAT OPSThreat News › [NVD] CVE-2026-23745 (MEDIUM 6.1) — node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading t

[NVD] CVE-2026-23745 (MEDIUM 6.1) — node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading t

lownvdPublished 2026-01-16

CVE-2026-23745 CVSS: 6.1 MEDIUM Published: 2026-01-16T22:16:26.830

node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink

Indicators of compromise

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-23745