Security vulnerabilities and automated fixes for hardlink issues
1 post found
A medium-severity path traversal vulnerability (CVE-2026-24842) was discovered in node-tar that allowed attackers to create arbitrary files outside intended directories by exploiting a flaw in the hardlink security check. This vulnerability could enable malicious actors to overwrite critical system files or inject malicious code by crafting specially designed tar archives. The fix has been deployed to prevent this hardlink-based directory escape attack.