CVE-2026-23745 is a high-severity vulnerability in the isaacs tar library for Node.js. The vulnerability arises from the failure to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is set to false, which is the default secure behavior. This oversight allows malicious archives to bypass extraction root restrictions, leading to arbitrary file overwrites via hardlinks and symlink poisoning through absolute symlink targets. The issue has been addressed in version 7.5.3.
With a CVSS score of 8.2, this vulnerability poses a significant risk, particularly in environments where the affected library is utilized. Organizations should assess their usage of the isaacs tar library and take appropriate action to mitigate potential threats. Given the nature of this vulnerability, attackers may leverage this flaw to execute arbitrary file writes, potentially compromising system integrity.
The urgency for remediation is critical. Organizations should prioritize patching this vulnerability immediately to prevent exploitation and safeguard sensitive data. The known exploit status further emphasizes the need for swift action, as the potential for damage can be substantial if left unaddressed.
Addressing this vulnerability not only protects organizational assets but also fortifies overall security postures against future threats. Organizations utilizing the affected versions should ensure they upgrade to version 7.5.3 or later to eliminate this risk.
Vulnerability Details
The node-tar library (<= 7.5.2) is vulnerable due to insufficient sanitization of linkpaths for hardlinks and symbolic links. This vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). Exploiting this vulnerability can lead to arbitrary file overwrites, making it a serious concern for systems relying on this library.
The vulnerability was published on January 16, 2026, and has a CVSS score of 8.2, indicating high severity. Organizations using this library should be aware of the potential impacts and take immediate steps to patch their systems.
Technical Analysis
The root cause of CVE-2026-23745 lies in the failure of the node-tar library to properly sanitize the link paths of hardlink and symbolic link entries. The attack vector is local, requiring an attacker to have access to the system where the library is used. The attack complexity is low, with no privileges required for exploitation.
User interaction is required, as the malicious archive must be extracted by the user. If successfully exploited, the confidentiality impact is high, while the integrity impact is low, and there is no availability impact.
Risk & Impact Analysis
Risk to organizations includes potential unauthorized access to sensitive files and the ability to manipulate system operations through arbitrary file writes. The blast radius can extend to any system utilizing the compromised library, creating a widespread impact if left unaddressed.
Given the high CVSS score and the confirmed existence of exploits, organizations must act swiftly. The urgency is critical, and immediate patching is necessary to mitigate the risk associated with this vulnerability. Failure to address this vulnerability could lead to severe consequences, including data breaches and loss of system integrity.
Exploitation Status
Signal | Status |
|---|---|
Known Exploit | Yes |
Public PoC | Yes |
Actively Exploited | No |
Ransomware Use | No |
Affected Versions
The vulnerable versions of the tar library are all versions prior to 7.5.3. Organizations using any version up to 7.5.2 are at risk and should upgrade immediately to version 7.5.3 or later.
Mitigation & Remediation
To mitigate the risks associated with CVE-2026-23745, organizations should upgrade to version 7.5.3 of the tar library. Additionally, organizations may consider implementing configuration hardening by restricting the extraction of archives to safe directories and monitoring for abnormal file behaviors. For comprehensive testing of security measures, organizations should validate their remediation efforts through penetration testing to ensure that no similar vulnerabilities exist.
Detection Guidance
Organizations should monitor logs for indicators of unauthorized file access and unusual changes in directories where the tar library is used. Behavioral anomalies related to file operations should also be investigated, and network signatures should be established to detect potential exploitation attempts.
AppSecure Threat Intelligence Insight
CVE-2026-23745 highlights the ongoing challenges organizations face in securing libraries and dependencies. This vulnerability exemplifies the importance of continuous monitoring and timely updates to software components. Security teams should be aware of similar patterns in third-party libraries and implement proactive measures to identify and address new vulnerabilities as they arise.
For further insights into enhancing application security, organizations can refer to the following resources: penetration testing methodology, vulnerability management program design, and mobile app penetration testing guide to build a robust security posture.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
.webp)