


Perceptive Security
SOC/SIEM Consultancy

node-tar, a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution sem…
Published:
27 January 2026 at 23:00:00
Alert date:
28 January 2026 at 02:02:07
Source:
nvd.nist.gov
Supply Chain & Dependencies, Web Technologies
CVE-2026-24842 affects node-tar, a Tar library for Node.js, in versions prior to 7.5.7. The vulnerability stems from a mismatch between security checks and hardlink creation logic for path resolution. This allows attackers to craft malicious TAR archives that bypass path traversal protections and create hardlinks to arbitrary files outside the extraction directory. The issue has been fixed in version 7.5.7.
Technical details
Mitigation steps:
Affected products:
node-tar
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-24842
https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46
https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
