CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Isaacs: >> Tar >> 7.5.10 Security Vulnerabilities

CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.

CVSS Score

8.2

EPSS Score

0.003

Published

2026-03-10

Page 1

Vulnerabilities

Vulnerable Software

Isaacs: >> Tar >> 7.5.10 Security Vulnerabilities

Products

Pricing

Contact Us