CVE-2026-26960 | isaacs node-tar up to 7.5.7 Extraction path traversal

Inserito da Angelo Barbosa | Feb 18, 2026 | CVE

A vulnerability was found in isaacs node-tar up to 7.5.7 and classified as critical. This vulnerability affects unknown code of the component Extraction Handler. Such manipulation leads to path traversal.

This vulnerability is listed as CVE-2026-26960. The attack may be performed from remote. There is no available exploit.

It is suggested to upgrade the affected component.

CVE-2026-26960 | isaacs node-tar up to 7.5.7 Extraction path traversal

Post correlati

CVE-2025-66288 | Parallels Toolbox CleanDrive link following (ZDI-25-1015)

CVE-2024-0161 | Dell PowerEdge Platform up to 2.21.1 SMM Communication input validation (dsa-2024-006)

CVE-2025-0937 | HashiCorp Nomad/Nomad Enterprise up to 1.9.5 ACL Policy authorization

CVE-2025-36157 | IBM Jazz Foundation up to 7.0.2 iFix035/7.0.3 iFix018/7.1.0 iFix004 authorization