Description

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.

PUBLISHED Reserved 2026-04-06 | Published 2026-04-06 | Updated 2026-04-22 | Assigner redhat




MEDIUM: 5.0 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Problem types

Unrestricted Upload of File with Dangerous Type

Product status

Default status
affected

Timeline

2026-04-06: Reported to Red Hat.
2026-04-06: Made public.

Credits

Red Hat would like to thank Guillermo de Angel Garcia for reporting this issue.

References

www.openwall.com/lists/oss-security/2026/04/11/10

www.openwall.com/lists/oss-security/2026/04/11/11

www.openwall.com/lists/oss-security/2026/04/12/2

access.redhat.com/security/cve/CVE-2026-5704 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2455360 (RHBZ#2455360) issue-tracking

cve.org (CVE-2026-5704)

nvd.nist.gov (CVE-2026-5704)
