CVE-2026-26157

HIGH

Red Hat Enterprise Linux 6 - Path Traversal and Arbitrary File Write via BusyBox Archive Extraction


Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-26157. PoCs published by Calil Khalil.

AI-analyzed exploit summary: This exploit demonstrates a path traversal vulnerability in BusyBox 1.36.1 and 1.37.0 by creating a malicious TAR archive with a symlink that bypasses sanitization due to a flaw in the strip_unsafe_prefix() function, allowing arbitrary directory read via symlink traversal.

Description

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that, when extracted under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files.

Exploits (1)

exploitdb WORKING POC
by Calil Khalil · python · webapps · multiple
https://www.exploit-db.com/exploits/52538


Classification
Working PoC: 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: BusyBox 1.36.1, 1.37.0
Authentication: none needed
Prerequisites: ability to create and deliver a malicious TAR archive to the target system
Analyzed by devstral-2 on May 05, 2026

References (5)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:13831
https://access.redhat.com/errata/RHSA-2026:13831
Vendor Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-26157
Issue Tracking issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2439039

Scores

CVSS v3 7.0
EPSS 0.0066
EPSS Percentile 46.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-73
Status published
Products (4)
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Hardened Images
Red Hat/Red Hat Hardened Images 1.37.0-7.2.hum1
Red Hat/Red Hat Hardened Images 1
Published Feb 11, 2026
Tracked Since Feb 18, 2026