7.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2026-26960

CVE-2026-26960: Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction

Summary

tar.extract() in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options.

This enables arbitrary file read and write as the extracting user (no root, no chmod, no preservePaths).

Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive.

Details

The bypass chain uses two symlinks plus one hardlink:

a/b/c/up -> ../..
a/b/escape -> c/up/../..
exfil (hardlink) -> a/b/escape/<target-relative-to-parent-of-extract>

Why this works:

Linkpath checks are string-based and do not resolve symlinks on disk for hardlink target safety.
- See STRIPABSOLUTEPATH logic in:
  - ../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:255
  - ../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:268
  - ../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:281
Hardlink extraction resolves target as path.resolve(cwd, entry.linkpath) and then calls fs.link(target, destination).
- ../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:566
- ../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:567
- ../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:703
Parent directory safety checks (mkdir + symlink detection) are applied to the destination path of the extracted entry, not to the resolved hardlink target path.
- ../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:617
- ../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/unpack.js:619
- ../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/mkdir.js:27
- ../tar-audit-setuid - CVE/node_modules/tar/dist/commonjs/mkdir.js:101

As a result, exfil is created inside extraction root but linked to an external file. The PoC confirms shared inode and successful read+write via exfil.

PoC

hardlink.js Environment used for validation:

Node: v25.4.0
tar: 7.5.7
OS: macOS Darwin 25.2.0
Extract options: defaults (tar.extract({ file, cwd }))

Steps:

Prepare/locate a tar module. If require('tar') is not available locally, set TAR_MODULE to an absolute path to a tar package directory.
Run:

TAR_MODULE="$(cd '../tar-audit-setuid - CVE/node_modules/tar' && pwd)" node hardlink.js

Expected vulnerable output (key lines):

same_inode=true
read_ok=true
write_ok=true
result=VULNERABLE

Interpretation:

same_inode=true: extracted exfil and external secret are the same file object.
read_ok=true: reading exfil leaks external content.
write_ok=true: writing exfil modifies external file.

Impact

Vulnerability type:

Arbitrary file read/write via archive extraction path confusion and link resolution.

Who is impacted:

Any application/service that extracts attacker-controlled tar archives with Node tar defaults.
Impact scope is the privileges of the extracting process user.

Potential outcomes:

Read sensitive files reachable by the process user.
Overwrite writable files outside extraction root.
Escalate impact depending on deployment context (keys, configs, scripts, app data).

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2026-26960

CVE-2026-26960:

7.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Is this CVE running in your environment?

Easily map the attack path and prioritize which CVEs are a threat to your organization

Validate Exposure

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
tar	npm	< 7.5.8	7.5.8

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is a path traversal issue in the node-tar library, enabling arbitrary file read and write. It occurs when extracting a specially crafted tar archive that uses a chain of symbolic links to make a hardlink point outside the intended extraction directory. The core of the vulnerability lies in the Unpack and UnpackSync classes, which handle the logic for creating files and links from the archive.

The vulnerable functions are Unpack.HARDLINK and its synchronous counterpart UnpackSync.HARDLINK. Before the patch, these functions would resolve the target path for a hardlink and create it without verifying if any component of that path was a symbolic link. The underlying filesystem call (fs.link) resolves symlinks, but the library itself performed no checks, allowing the traversal to escape the extraction root.

The patch (commit d18e4e1f846f4ddddc153b0f536a19c050e7499f) introduces a new validation method, ENSURE_NO_SYMLINK. This method is now invoked by HARDLINK and SYMLINK before any link is created. It traverses the proposed link path and uses fs.lstat (which does not follow symlinks) on each segment to ensure no part of the path is a symlink. If a symlink is found, the operation is aborted, preventing the attack. The same fix was proactively applied to the SYMLINK methods to prevent a similar exploit vector. During exploitation, a runtime profiler would show calls originating from tar.extract leading to these internal HARDLINK or SYMLINK methods within the Unpack/UnpackSync classes.

Vulnerable functions

Unpack.HARDLINK

src/unpack.ts

This method handles hardlink entries during asynchronous tar extraction. The original implementation resolved the link's target path and created the hardlink without checking if any part of the path was a symbolic link. This allowed an attacker to craft a tar archive with a symlink chain that could point to a file outside the intended extraction directory, leading to arbitrary file write. The method is referenced internally via a JavaScript Symbol, `HARDLINK`.

UnpackSync.HARDLINK

src/unpack.ts

This is the synchronous counterpart to `Unpack.HARDLINK`. It shares the same vulnerability, processing hardlink entries without validating the target path for symbolic links. This allows for the same path traversal attack during synchronous extraction operations. The method is referenced internally via a JavaScript Symbol, `HARDLINK`.

Unpack.SYMLINK

src/unpack.ts

While the primary exploit involves hardlinks, this method for creating symbolic links was also patched. It was similarly vulnerable, as it did not validate the link target path for existing symlinks, potentially allowing for similar path traversal attacks. The method is referenced internally via a JavaScript Symbol, `SYMLINK`.

UnpackSync.SYMLINK

src/unpack.ts

This is the synchronous version of `Unpack.SYMLINK`. It was vulnerable in the same way as its asynchronous counterpart, allowing for path traversal by not validating the presence of symbolic links in the target path during synchronous extraction. The method is referenced internally via a JavaScript Symbol, `SYMLINK`.

Vulnerability Intelligence
Miggo AI

Unlock WAF rules for this CVE

Generate vendor-ready rules for the observed attack patterns, plus reasoning and safe deployment guidance

Get WAF rules

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2026-26960: Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction

Summary

Details

PoC

Impact

CVE-2026-26960:

7.1

-

Basic Information

Basic Information

Is this CVE running in your environment?

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

Vulnerability IntelligenceMiggo AI

Unlock WAF rules for this CVE

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

CVE-2026-26960: Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction

Summary

Details

PoC

Impact

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

7.1

7.1

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI