node-tar – Arbitrary File Write / Read via Hardlink Escape
| Field | Value |
|---|---|
| CVE ID | CVE-2026-26960 |
| Affected Component | tar (Node.js package / node-tar) |
| Affected Versions | All versions prior to 7.5.8 |
| Fixed Version | 7.5.8 |
| CVSS v3.1 Score | 7.1 (High) |
| CVSS Vector | AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:N |
| Severity | High |
| Exploitability | Exploitable when untrusted tar archives are extracted automatically (CI pipelines, upload handlers, build systems) |
| Exploit Availability | Public Proof-of-Concept available (educational use) |
| Official Patch / Upgrade | https://github.com/npm/node-tar/security/advisories |
Overview
A vulnerability was identified in the tar package for Node.js that allows arbitrary file read and write outside the intended extraction directory. The issue occurs during archive extraction when hardlink entries are processed.
It was determined that the library performed insufficient validation when resolving hardlink targets that were chained through symbolic links. Because filesystem resolution behaves differently from string-based path validation, the protection logic was bypassed.
As a result, files outside the extraction root could be accessed or modified with the privileges of the extracting process.
Technical Root Cause
During extraction:
- A tar archive may contain:
  - Regular files
  - Symbolic links
  - Hardlinks
- When a hardlink entry is encountered, the library validates the target path.
- Validation is performed against the textual path representation.
- However, the actual filesystem operation (fs.link) resolves symbolic links before linking.
- If a malicious archive constructs:
  - A symlink pointing outside the extraction directory
  - A hardlink referencing that symlink path
This mismatch allows creation of a hardlink inside the extraction directory that actually points to an external file.
Exploitation Scenario
The following sequence may be used by an attacker:
- A crafted tar archive is uploaded.
- The archive contains:
  - A symlink chain escaping the root directory.
  - A hardlink entry referencing that symlink.
- The vulnerable application extracts the archive using default options.
- A hardlink is created inside the extraction directory.
- That hardlink references a sensitive file outside the directory.
Once created:
- Reading the file through the hardlink exposes sensitive content.
- Writing to the hardlink modifies the external file.
Impact depends entirely on the privileges of the extracting process.
Impact Analysis
Confidentiality
Sensitive files readable by the extracting user may be exposed:
- Configuration files
- SSH keys
- API tokens
- Environment files
Integrity
Files writable by the extracting user may be modified:
- Application scripts
- Build artifacts
- Startup scripts
- Deployment configurations
Availability
Direct availability impact is limited, but overwritten files may cause service failure.
Attack Surface
The vulnerability becomes exploitable in environments where:
- Tar archives are accepted from users
- CI systems automatically extract build artifacts
- Container image pipelines unpack layers
- Package managers process tarballs
- Temporary extraction directories run with elevated privileges
The risk increases significantly when extraction occurs as:
- root
- a CI service account with broad filesystem access
- a container runtime with host-mounted volumes
Proof-of-Concept (Educational)
A PoC demonstrates:
- Creation of symlink A → ../outside
- Creation of symlink B → A
- Hardlink referencing B/targetfile
After extraction:
- The hardlink inside extraction directory shares inode with external file
- Read operation confirms file content exposure
- Write operation confirms file modification
This PoC should only be executed in isolated test environments for validation and research purposes.
Indicators of Exploitation
The following behaviors may indicate exploitation:
- Unexpected hardlinks inside application directories
- Files inside extraction paths with link count > 1
- Inodes shared between application directories and system directories
- Unexpected file modifications immediately after archive extraction
- Node.js process invoking link/linkat syscalls
Detection
1. Dependency Detection
Identify vulnerable versions:
npm ls tar
yarn why tar
If version < 7.5.8 appears anywhere in the dependency tree, the application is vulnerable.
2. Archive Content Inspection
Inspect tar files before extraction:
tar -tvf suspicious.tar
Look for:
- Entries marked as hard links
- Entries containing ../
- Absolute paths beginning with /
- Nested symlink chains
Quick filter:
tar -tf suspicious.tar | grep -E '(^/|\.\./)'
Detect hardlink entries:
tar -tvf suspicious.tar | grep -i link
3. Linux Auditd Detection Rule
Monitor hardlink system calls by Node processes:
-a always,exit -F arch=b64 -S link -S linkat -F exe=/usr/bin/node -k node_tar_hardlink
Search audit logs:
ausearch -k node_tar_hardlink
Unexpected link operations during extraction should be investigated.
4. File System Hunt
Identify files with multiple hardlinks:
find /var/www /opt/app -xdev -type f -links +1 -printf '%n %i %p\n'
Match inode values:
ls -li /path/to/file
If the same inode appears in two different directory trees, hardlink escape may have occurred.
5. Process Monitoring (EDR Query Concept)
Search for:
- node process
- creating hardlinks
- writing outside expected directories
Example Linux process search:
ps aux | grep node
Correlate timestamps with file modification events:
stat filename
Log Sources for Detection
- Linux auditd logs
- EDR telemetry
- CI pipeline logs
- Application debug logs during extraction
- Container runtime logs
- File integrity monitoring systems
- Sysmon (Windows environments running Node)
Mitigation
Immediate Action
Upgrade to:
tar >= 7.5.8
Rebuild all applications and container images.
Temporary Mitigations (If Upgrade Delayed)
- Reject tar archives containing symlinks or hardlinks.
- Extract archives inside:
  - Unprivileged containers
  - Chroot environments
  - Temporary isolated directories
- Drop privileges before extraction.
- Implement pre-extraction validation script.
Risk Assessment Guidance
| Environment | Risk Level |
|---|---|
| Public upload service | Critical |
| CI pipeline | High |
| Internal build system | Medium |
| Offline extraction tool | Low–Medium |
The vulnerability does not require network access itself, but exploitation is highly realistic in automated workflows.
Forensic Considerations
If exploitation is suspected:
- Identify extraction timestamps.
- Locate tar archives processed.
- Check inode matches.
- Validate integrity of sensitive files.
- Rotate credentials if readable files included:
  - SSH keys
  - API keys
  - Secrets
- Review process execution logs around extraction time.
Remediation Checklist
- Identify all projects using tar
- Upgrade to 7.5.8
- Rebuild dependencies
- Rebuild containers
- Deploy patched versions
- Add CI dependency scanning
- Implement archive pre-validation
- Monitor link syscalls
Conclusion
CVE-2026-26960 exposes a subtle but dangerous flaw in archive extraction logic. The issue arises from improper resolution of hardlink targets through symlink chains, resulting in arbitrary file read and write capabilities outside the extraction root.
Systems that automatically process tar archives are at the highest risk. Because exploitation requires only archive extraction with default settings, environments handling untrusted archives must treat this vulnerability as urgent.
Upgrading to version 7.5.8 fully resolves the issue and is the recommended course of action.
