Fluid Attacks Database

Description

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
rpm rhel10	tar	-
rpm rhel7	tar	-
rpm rhel8	tar	-
debian 12	tar	=1.34+dfsg-1.2 \|\| =1.34+dfsg-1.2+deb12u1 \|\| =1.34+dfsg-1.3 \|\| =1.34+dfsg-1.4 \|\| =1.35+dfsg-1 \|\| =1.35+dfsg-2 \|\| =1.35+dfsg-3 \|\| =1.35+dfsg-3.1 \|\| =1.35+dfsg-4
debian 13	tar	=1.35+dfsg-3.1 \|\| =1.35+dfsg-4
debian 14	tar	=1.35+dfsg-3.1 \|\| =1.35+dfsg-4
rpm rhel9	tar	-
debian 11	tar	=1.34+dfsg-1 \|\| =1.34+dfsg-1+deb11u1 \|\| =1.34+dfsg-1.1 \|\| =1.34+dfsg-1.2 \|\| =1.34+dfsg-1.3 \|\| =1.34+dfsg-1.4 \|\| =1.35+dfsg-1 \|\| =1.35+dfsg-2 \|\| =1.35+dfsg-3 \|\| =1.35+dfsg-3.1 \|\| =1.35+dfsg-4
rpm rhel6	tar	-

Aliases

1. CVE-2026-57042. NVD-2026-57043. OSV-2026-57044. OSV-DEBIAN-2026-57045. SECURITY-TRACKER-CVE-2026-5704

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.