NVD HIGH: CVE-2026-42497 — Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker control...
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker-controlled paths outside the extraction directory.
_make_special_file() passes the tar header's linkname to link() without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode.
A subsequent write through the extracted name modifies the victim file, and the post-extract
CVE-2026-42497
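The check the description says is missing (rejecting a hardlink linkname that is absolute or contains .. segments) can be run as an audit over an archive before it is handed to any extractor. The following is an added example, not Archive::Tar code and not the 3.08 fix; it uses Python's standard tarfile module, and the function names, the sample archive and its paths are constructed for illustration.

```python
import io
import tarfile


def unsafe_hardlinks(tar_bytes):
    """Return (member, linkname, reason) for each hardlink entry whose
    linkname is absolute or contains a '..' segment."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tar:
        for member in tar:
            if not member.islnk():      # only hardlink entries (typeflag '1')
                continue
            target = member.linkname
            if target.startswith("/"):
                findings.append((member.name, target, "absolute"))
            elif ".." in target.split("/"):
                findings.append((member.name, target, "dotdot"))
    return findings


def build_sample():
    """Constructed archive: one regular file and three hardlink entries,
    one pointing inside the archive and two pointing outside it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        data = b"hello\n"
        info = tarfile.TarInfo("pkg/data.txt")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
        for name, target in [
            ("pkg/ok", "pkg/data.txt"),              # stays inside the tree
            ("pkg/abs", "/constructed/victim"),      # absolute linkname
            ("pkg/up", "../../constructed/victim"),  # '..' segments
        ]:
            link = tarfile.TarInfo(name)
            link.type = tarfile.LNKTYPE
            link.linkname = target
            tar.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    for name, target, reason in unsafe_hardlinks(build_sample()):
        print(f"{reason}: {name} -> {target}")
```

An archive that produces any finding should be rejected or quarantined rather than extracted with an Archive::Tar version before 3.08.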