CVE-2026-5704
EUVD-2026-1931706.04.2026, 16:16
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gnu | tar | - |
| redhat | hardened_images | - |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| tar |
| ||||||||||||||||||
| tar-lang |
| ||||||||||||||||||
| tar-rmt |
|
Common Weakness Enumeration
Vulnerability Media Exposure