Description
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.
Published: 2026-04-06
Score: 5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Hidden File Injection
Action: Use Sandbox
AI Analysis

Impact

A flaw in the tar utility allows a remote attacker to craft a malicious archive that injects hidden files with attacker-controlled content. The injection bypasses tar’s pre‑extraction inspection, enabling the attacker to place malicious or deceptive files onto a system undetected. This can compromise system integrity and potentially lead to further exploitation.

Affected Systems

Red Hat Enterprise Linux versions 6 through 10 are vulnerable. Any installation of the tar command on these distributions is affected, regardless of specific minor releases.

Risk and Exploitability

The CVSS score of 5 indicates moderate severity. Although exploit data (EPSS) is not available and the vulnerability is not listed in the CISA KEV catalog, the ability to inject files remotely makes this a realistic threat. Attackers can trigger exploitation by causing an untrusted archive to be extracted—through file upload, mail, or other mechanisms—providing a vector for malicious files to appear on the target system.

Generated by OpenCVE AI on April 6, 2026 at 17:37 UTC.

Remediation

Vendor Workaround

To mitigate this issue, avoid extracting archives from untrusted sources. If processing untrusted archives is necessary, do so within a sandboxed environment to limit potential impact.

OpenCVE Recommended Actions

  • Avoid extracting archives from untrusted sources.
  • If extraction is necessary, perform it inside a sandboxed environment to contain potential impact.
  • Verify the integrity of extracted files with checksums or signatures whenever possible.
  • Regularly audit the system for unexpected or hidden files that may have been injected.

Generated by OpenCVE AI on April 6, 2026 at 17:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Mon, 06 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Description A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.
Title Tar: tar: hidden file injection via crafted archives
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-434
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N'}

Subscriptions

Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-07T16:01:07.180Z

Reserved: 2026-04-06T13:37:17.528Z

Link: CVE-2026-5704

cve-icon Vulnrichment

Updated: 2026-04-07T15:48:18.346Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-06T16:16:42.140

Modified: 2026-04-07T13:20:11.643

Link: CVE-2026-5704

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-06T13:36:20Z

Links: CVE-2026-5704 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:32:22Z

Weaknesses