CVE-2026-5704

MEDIUM EPSS 34.5%

Published Apr 6, 20262mo ago · Modified Jun 17, 20261w ago

5.5 CVSS 3.1

Medium

Published Apr 6, 2026 2mo ago

Last Modified Jun 17, 2026 1w ago

Description

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.

CVSS Details

Base Score

5.5

Exploitability

1.8

Impact

3.6

Vector string

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector Local

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality None

Integrity High

Availability None

Threat Intelligence

EPSS Exploit Probability

34.5% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-434 Unrestricted Upload of File with Dangerous Type Resource Mgmt

Affected Products 7

Vendor	Product	Version	Range
gnu	tar	*	any
redhat	hardened_images	*	any
redhat	enterprise_linux	6.0	any
redhat	enterprise_linux	7.0	any
redhat	enterprise_linux	8.0	any
redhat	enterprise_linux	9.0	any
redhat	enterprise_linux	10.0	any

References 5

openwall.com http://www.openwall.com/lists/oss-security/2026/04/11/10

ExploitMailing ListThird Party Advisory
openwall.com http://www.openwall.com/lists/oss-security/2026/04/11/11

Mailing ListThird Party Advisory
openwall.com http://www.openwall.com/lists/oss-security/2026/04/12/2

ExploitMailing ListThird Party Advisory
access.redhat.com https://access.redhat.com/security/cve/CVE-2026-5704

Third Party Advisory
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2455360

ExploitIssue TrackingThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.