CVE-2026-42497
BaseFortify
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: CPANSec
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Archive::Tar versions before 3.08 for Perl, where the module extracts hardlinks from a tar archive without properly validating the link targets. Specifically, the _make_special_file() function passes the tar header's linkname to the link() system call without checking if the path is absolute or contains directory traversal sequences like "..". This allows an attacker to create hardlinks that point outside the intended extraction directory, sharing the inode of victim files.
As a result, when the extracted file is written to, it modifies the victim file outside the extraction directory. Additionally, the post-extraction operations that change file mode, ownership, and timestamps are applied to the shared inode, potentially altering sensitive files unintentionally.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized modification of files outside the extraction directory by an attacker supplying a malicious tar archive. Because hardlinks share the same inode, writing to the extracted file can overwrite or corrupt victim files elsewhere on the system.
Such unauthorized file modifications can compromise system integrity, lead to data loss, or allow privilege escalation if critical system or configuration files are altered.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the extraction of hardlinks to attacker-controlled paths outside the intended extraction directory by Archive::Tar versions before 3.08 for Perl.
Detection can focus on monitoring extraction activities for suspicious hardlink creations that point outside the extraction directory, especially those involving absolute paths or directory traversal sequences like "..".
Since the vulnerability is related to the _make_special_file() function passing unvalidated linknames to link(), you can check for unexpected hardlink creations or inode sharing between extracted files and files outside the extraction directory.
Commands to help detect this might include:
- Using `find` to locate hardlinks created recently during extraction, for example: `find /extraction/path -type f -links +1 -exec ls -li {} +`
- Checking inode numbers of extracted files and comparing them to files outside the extraction directory to identify shared inodes.
- Monitoring logs or enabling debug output in Archive::Tar if running in SECURE EXTRACT MODE to detect and log attempts to extract hardlinks or symlinks with absolute or traversal paths.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately upgrade Archive::Tar to version 3.08 or later, where validation for symlink and hardlink targets has been added in SECURE EXTRACT MODE.
If upgrading is not immediately possible, avoid extracting untrusted tar archives using vulnerable versions of Archive::Tar.
Enable SECURE EXTRACT MODE if supported, which includes checks to prevent extraction of symlinks or hardlinks with absolute paths or directory traversal sequences.
Review and restrict permissions on directories where extraction occurs to limit potential damage from malicious hardlinks.
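The two checks discussed above, the link-target validation that Archive::Tar 3.08 adds in SECURE EXTRACT MODE and the post-extraction search for shared inodes behind the `find -links +1` command, can be exercised together in a short script. The following is an added example written for this page; it is not Archive::Tar's code and not Perl, but Python, so the logic can be run and tested directly. The sample archive, the `data/`, `escape.txt`, `abs-link` and `victim.txt` names and the `/tmp/victim` target are all constructed placeholders.

```python
"""Added example (not Archive::Tar's own code): defender-side checks for
the hardlink/symlink escape described above. All names and paths used in
the sample archive and the temporary tree are constructed placeholders."""
import io
import os
import stat
import tarfile
import tempfile
from pathlib import PurePosixPath


def link_target_is_safe(target: str) -> bool:
    """Refuse any link target that could leave the extraction root.

    Mirrors the check the page attributes to SECURE EXTRACT MODE in 3.08:
    an absolute path or any '..' component is rejected outright.
    """
    if not target:
        return False
    path = PurePosixPath(target)
    if path.is_absolute():
        return False
    return ".." not in path.parts


def unsafe_link_entries(archive: bytes) -> list[tuple[str, str, str]]:
    """Pre-extraction scan of a tar byte string.

    Returns (name, kind, target) for every hardlink or symlink whose target,
    or whose own name, fails link_target_is_safe(). Run this before handing
    an untrusted archive to an extractor that lacks the fix."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as tar:
        for member in tar.getmembers():
            if member.islnk():
                kind = "hardlink"
            elif member.issym():
                kind = "symlink"
            else:
                continue
            if not (link_target_is_safe(member.linkname)
                    and link_target_is_safe(member.name)):
                findings.append((member.name, kind, member.linkname))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample: a regular file, a safe hardlink, a traversing
    hardlink, an absolute symlink and a safe relative symlink."""
    payload = b"hello\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tar:
        reg = tarfile.TarInfo("data/a.txt")
        reg.size = len(payload)
        tar.addfile(reg, io.BytesIO(payload))

        ok_link = tarfile.TarInfo("data/b.txt")      # stays inside the root
        ok_link.type = tarfile.LNKTYPE
        ok_link.linkname = "data/a.txt"
        tar.addfile(ok_link)

        bad_link = tarfile.TarInfo("escape.txt")     # '..' traversal (placeholder target)
        bad_link.type = tarfile.LNKTYPE
        bad_link.linkname = "../victim.txt"
        tar.addfile(bad_link)

        bad_sym = tarfile.TarInfo("abs-link")        # absolute target (placeholder)
        bad_sym.type = tarfile.SYMTYPE
        bad_sym.linkname = "/tmp/victim"
        tar.addfile(bad_sym)

        ok_sym = tarfile.TarInfo("data/c")           # relative, stays inside
        ok_sym.type = tarfile.SYMTYPE
        ok_sym.linkname = "a.txt"
        tar.addfile(ok_sym)
    return buf.getvalue()


def files_with_shared_inodes(root: str) -> list[str]:
    """Post-extraction check equivalent to `find ROOT -type f -links +1`:
    regular files under root whose inode carries more than one name."""
    shared = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                shared.append(os.path.relpath(full, root))
    return sorted(shared)


def demo_shared_inodes() -> list[str]:
    """Throwaway tree: 'out' holds a clean file plus a file hardlinked to
    'victim.txt' outside it, the situation the page describes."""
    with tempfile.TemporaryDirectory() as tmp:
        out = os.path.join(tmp, "out")
        os.mkdir(out)
        with open(os.path.join(out, "clean.txt"), "w") as fh:
            fh.write("clean\n")
        victim = os.path.join(tmp, "victim.txt")
        with open(victim, "w") as fh:
            fh.write("secret\n")
        os.link(victim, os.path.join(out, "escape.txt"))
        return files_with_shared_inodes(out)


if __name__ == "__main__":
    print("unsafe entries:", unsafe_link_entries(build_sample_archive()))
    print("shared inodes after extraction:", demo_shared_inodes())
```

The pre-extraction scan is the check worth wiring into any pipeline that still runs a vulnerable Archive::Tar, since it refuses the archive before `link()` is ever called; the inode walk only tells you after the fact that an extracted file already shares storage with something else, so treat a non-empty result as a signal to inspect those files with `ls -li` and compare inode numbers against files outside the extraction directory.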
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in Archive::Tar versions before 3.08 allows extraction of hardlinks to attacker-controlled paths outside the intended extraction directory. This can lead to unauthorized modification of files on the victim system.
Such unauthorized file modifications and potential data integrity breaches could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of data confidentiality, integrity, and access controls.
Specifically, if sensitive personal or health data is stored on affected systems, this vulnerability could lead to unauthorized data alteration or exposure, violating regulatory requirements for data protection and security.