THREAT OPS › Threat News › [NVD] CVE-2026-23745 (MEDIUM 6.1) — node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading t
[NVD] CVE-2026-23745 (MEDIUM 6.1) — node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading t
CVE-2026-23745 CVSS: 6.1 MEDIUM Published: 2026-01-16T22:16:26.830
node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink
Indicators of compromise
- CVE-2026-23745cve
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-23745