Description
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.
Published: 2026-04-06
Score: 5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Malicious file injection
Action: Patch Now
AI Analysis

Impact

A flaw in the tar utility allows a remote attacker to craft an archive that injects hidden files with attacker‑controlled content during extraction, bypassing pre‑extraction inspection checks. The vulnerability is a classic instance of an unrestricted upload (CWE‑434), meaning the attacker can write arbitrary files to the filesystem, potentially leading to configuration compromise, privilege escalation, or subsequent code execution. The impact is that malicious files can appear undetected in a system after archive extraction.

Affected Systems

Red Hat Enterprise Linux releases 6 through 10 and Red Hat Hardened Images contain the vulnerable tar implementation. All supported installations of tar on these platforms are affected; no specific version numbers are supplied in the advisory, but the flaw applies to the default tar shipped with these distributions.

Risk and Exploitability

The CVSS score of 5 indicates a moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not currently listed in the CISA KEV catalog, meaning no known exploit is actively in use. The attack vector is inferred to be via delivering a malicious archive to a system that extracts it, such as through a user‑initiated extraction or an automated process that unpacks archives without validating provenance. If exploited, the attacker could implant malicious files that later run or trigger automated workflows that process these files.

Generated by OpenCVE AI on April 9, 2026 at 17:31 UTC.

Remediation

Vendor Workaround

To mitigate this issue, avoid extracting archives from untrusted sources. If processing untrusted archives is necessary, do so within a sandboxed environment to limit potential impact.


OpenCVE Recommended Actions

  • Apply the latest Red Hat security update for tar as it becomes available
  • Avoid extracting archives from untrusted sources
  • Perform archive extraction in a sandboxed or isolated environment to limit potential impact
  • Monitor system logs for unexpected file creation after extraction



Advisories

No advisories yet.

History

Wed, 22 Apr 2026 20:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Gnu; Gnu tar; Redhat hardened Images
CPEs | | cpe:2.3:a:gnu:tar:-:*:*:*:*:*:*:*; cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*; cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*; cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*; cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*; cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*; cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products | | Gnu; Gnu tar; Redhat hardened Images

Sun, 12 Apr 2026 06:30:00 +0000

Type | Values Removed | Values Added
References | |

Sun, 12 Apr 2026 01:30:00 +0000

Type | Values Removed | Values Added
References | |

Sat, 11 Apr 2026 19:30:00 +0000

Type | Values Removed | Values Added
References | |

Thu, 09 Apr 2026 16:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Redhat hummingbird
CPEs | | cpe:/a:redhat:hummingbird:1
Vendors & Products | | Redhat hummingbird

Tue, 07 Apr 2026 18:00:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 00:00:00 +0000

Type | Values Removed | Values Added
References | |
Metrics | threat_severity: None | threat_severity: Moderate

Mon, 06 Apr 2026 15:30:00 +0000

Type | Values Removed | Values Added
Description | | A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.
Title | | Tar: tar: hidden file injection via crafted archives
First Time appeared | | Redhat; Redhat enterprise Linux
Weaknesses | | CWE-434
CPEs | | cpe:/o:redhat:enterprise_linux:10; cpe:/o:redhat:enterprise_linux:6; cpe:/o:redhat:enterprise_linux:7; cpe:/o:redhat:enterprise_linux:8; cpe:/o:redhat:enterprise_linux:9
Vendors & Products | | Redhat; Redhat enterprise Linux
References | |
Metrics | | cvssV3_1: {'score': 5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-22T20:15:40.736Z

Reserved: 2026-04-06T13:37:17.528Z

Link: CVE-2026-5704

Vulnrichment

Updated: 2026-04-12T04:57:27.544Z

NVD

Status: Analyzed

Published: 2026-04-06T16:16:42.140

Modified: 2026-04-22T20:08:59.920

Link: CVE-2026-5704

Redhat

Severity: Moderate

Public Date: 2026-04-06T13:36:20Z

Links: CVE-2026-5704 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-10T09:45:10Z

Weaknesses