CVE-2026-5704
Severity: MEDIUM
WAF: Medium
CVSS 5.5
Published: 2026-04-06
CWE-434
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| gnu | tar | - |
| redhat | hardened_images | - |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
References
- access.redhat.com (Third Party Advisory)
- bugzilla.redhat.com (Exploit, Issue Tracking, Third Party Advisory)
- www.openwall.com (Exploit, Mailing List, Third Party Advisory)
- www.openwall.com (Mailing List, Third Party Advisory)
- www.openwall.com (Exploit, Mailing List, Third Party Advisory)