CVE-2026-29786

Exploitation Summary

EIP tracks 3 public exploits for CVE-2026-29786. PoCs published by XiaomingX, Jvr2022, Rohitberiwala.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2026-29786, a path traversal vulnerability in the `tar` npm package. The vulnerability allows a crafted archive to create a hardlink outside the intended extraction directory due to improper validation and path normalization.

Description

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.

Exploits (3)

github WRITEUP 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-29786

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2026-29786, a path traversal vulnerability in the `tar` npm package. The vulnerability allows a crafted archive to create a hardlink outside the intended extraction directory due to improper validation and path normalization.

Classification

Writeup 95%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: tar npm package version 7.5.9

No auth needed

Prerequisites: vulnerable version of the `tar` npm package · ability to provide a crafted tar archive

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Mar 07, 2026 Full analysis →

nomisec WRITEUP 1 stars

by Jvr2022 · poc

https://github.com/Jvr2022/CVE-2026-29786

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2026-29786, a path traversal vulnerability in the `tar` npm package. The vulnerability allows a crafted archive to create a hardlink outside the intended extraction directory due to improper validation and path normalization.

Classification

Writeup 95%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: tar npm package version 7.5.9

No auth needed

Prerequisites: vulnerable version of the `tar` npm package · ability to provide a crafted tar archive

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Mar 10, 2026 Full analysis →

nomisec WRITEUP

by Rohitberiwala · poc

https://github.com/Rohitberiwala/NodeJS-Tar-Symlink-Exploit-CVE-2026-29786

View Code ZIP pw:eip

This repository provides a technical analysis of CVE-2026-29786, a path traversal vulnerability in the Node.js `tar` package, detailing the attack mechanism involving symlinks and arbitrary file writes. It references a PoC script but does not include the actual exploit code.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: Node.js tar package version 7.5.9

No auth needed

Prerequisites: Node.js installed · vulnerable version of tar package (7.5.9)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Mar 10, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96

Patch x_refsource_misc

https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f

View Patch ZIP pw:eip

tar < 7.5.10 - Path Traversal via Drive-Relative Hardlink

Exploitation Summary

Description

Exploits (3)

References (2)

Scores

CISA SSVC

Details