#1132999 tar: CVE-2026-5704

Package:
src:tar
Source:
src:tar
Submitter:
Salvatore Bonaccorso
Date:
2026-04-11 18:43:01 UTC
Severity:
normal
Tags:
#1132999#5
Date:
2026-04-08 18:34:08 UTC
From:
To:
Hi,

The following vulnerability was published for tar.

Note at time of writing the only reference is the Red Hat bugzilla
entry, so this needs more research.

CVE-2026-5704[0]:
| A flaw was found in tar. A remote attacker could exploit this
| vulnerability by crafting a malicious archive, leading to hidden
| file injection with fully attacker-controlled content. This bypasses
| pre-extraction inspection mechanisms, potentially allowing an
| attacker to introduce malicious files onto a system without
| detection.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-5704
https://www.cve.org/CVERecord?id=CVE-2026-5704
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2455360

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore