Home / Vulnerability Intelligence / CVE-2026-29786

CVE-2026-29786 - Vulnerability Analysis

N/a

Last Updated: March 7, 2026

node-tar - Path Traversal

Published: March 7, 2026Updated: March 7, 2026PoC Available

Overview

node-tar < 7.5.10 contains a path traversal caused by drive-relative hardlink targets during extraction, letting attackers overwrite files outside the extraction directory, exploit requires crafted archive.

Severity & Score

Severity: N/a

Impact

Attackers can overwrite arbitrary files outside the extraction directory, potentially leading to system compromise or data loss.

Mitigation

Update to version 7.5.10 or later.

References

https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f
https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-29786
Severity: N/a
Type: path_traversal
Status: new

CWE

CWE-22

CVSS Metrics

N/A