CVE-2026-26158

Summary

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Hardened Images1.37.0-7.2.hum1 < *unaffected

Weaknesses

  • CWE-73: External Control of File Name or Path

Workarounds

As a prevention measure, avoid extracting tar archives from untrusted sources using BusyBox, especially when operating with elevated privileges. If processing untrusted archives is unavoidable, ensure that the extraction process is performed within a strictly sandboxed environment with minimal permissions. This operational control reduces the risk of arbitrary file modification and privilege escalation.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

Additional References

busybox: BusyBox: Arbitrary file modification and privilege escalation via unvalidated tar archive entries

Additional References

References