CVE-2026-42315: Tarfile Incomplete Symlink Validation
greprules fetch cve-2026-42315-tarfile-incomplete-symlink-validation --engine opengrep
Description
A custom tar archive extraction loop iterates over members to filter their paths but does not check whether a member is a symlink or a hardlink. Path-traversal checks alone do not prevent Symlink Escape attacks (a variant of Zip Slip), in which the archive contains a symlink whose target lies outside the extraction directory, followed by entries that write files through that link. Ensure that `issy
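An extraction loop that performs the link checks the description calls for, written here as an added example (not code from the rule or from any project): besides the path-traversal check on each member's name, it rejects symlinks and hardlinks whose target resolves outside the destination, and extracts accepted members one at a time. `_inside`, `safe_extract`, `build_escape_archive` and `demo` are this example's own names, and the archive it builds is a constructed sample of the escape pattern described above (a symlink to `../outside`, then a file written through it).

```python
import io
import os
import tarfile
import tempfile
def _inside(base: str, path: str) -> bool:
    """True if `path` (taken relative to `base`) resolves inside `base`."""
    base = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base, path))
    return target == base or target.startswith(base + os.sep)

def safe_extract(tar: tarfile.TarFile, dest: str) -> tuple[list[str], list[str]]:
    """Extract into `dest`, returning (accepted, rejected) member names; links must
    also point inside `dest`, and members go one at a time so realpath() sees them."""
    accepted, rejected = [], []
    for member in tar.getmembers():
        ok = _inside(dest, member.name)  # the usual path-traversal check
        if ok and member.issym():  # symlink target is relative to the link's directory
            target = os.path.join(os.path.dirname(member.name), member.linkname)
            ok = not os.path.isabs(member.linkname) and _inside(dest, target)
        elif ok and member.islnk():  # hardlink target is relative to the archive root
            ok = not os.path.isabs(member.linkname) and _inside(dest, member.linkname)
        if not ok:
            rejected.append(member.name)
            continue
        tar.extract(member, path=dest, set_attrs=False)
        accepted.append(member.name)
    return accepted, rejected

def build_escape_archive() -> bytes:
    """Constructed sample: a symlink escaping dest, then a file written through it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../outside"
        tar.addfile(link)
        for name in ("link/evil.txt", "docs/readme.txt"):
            info = tarfile.TarInfo(name)
            info.size = 6
            tar.addfile(info, io.BytesIO(b"hello\n"))
    return buf.getvalue()

def demo() -> dict:
    """Extract the sample into a fresh temp dir and report what happened."""
    dest = os.path.join(tempfile.mkdtemp(), "extract")
    with tarfile.open(fileobj=io.BytesIO(build_escape_archive())) as tar:
        accepted, rejected = safe_extract(tar, dest)
    escaped = os.path.exists(os.path.join(dest, os.pardir, "outside", "evil.txt"))
    return {"accepted": accepted, "rejected": rejected, "escaped": escaped}
```

On Python 3.12 and later (and the patched 3.8 to 3.11 releases) the standard library's `filter="data"` argument to `extractall` performs equivalent link checks; a loop like the one above is for code that cannot rely on it.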
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided