Donate Telegram

CVE-2026-5704

MEDIUM CVSS 3.1: 5.0 EPSS 0.03%

Apr 06, 2026

Updated Apr 12, 2026

tar

Parameter	Value
CVSS	5.0 (MEDIUM)
Type	CWE-434 (Unrestricted File Upload)
Vendor	tar
Public PoC	No

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

None

No data leak

Integrity

High

Complete data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-434 Unrestricted File Upload

References 5

https://access.redhat.com/security/cve/CVE-2026-5704

secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2455360

secalert@redhat.com

http://www.openwall.com/lists/oss-security/2026/04/11/10

af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2026/04/11/11

af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2026/04/12/2

af854a3a-2127-422b-91ae-364da2661108

Share Post Share Share Share

CVE Details

CVE ID

CVE-2026-5704

Published Date

Apr 06, 2026

Vendor

tar

Severity

MEDIUM

CVSS v3.1 Score

5.0

Medium severity. Plan remediation.

Attack Analysis

Exploitability 1.3/10

How easy to exploit

Impact 3.6/10

Severity of consequences

Exploit Prediction (EPSS)

Probability of Exploit 0.03%

Likelihood of exploitation in next 30 days

Percentile: 7.1th percentile (higher than 7.1% of all CVEs)

Standard patching cycle

Impact

Complete data modification

Source

Editor's Choice