Path Traversal in Isaacs Node-tar
CVE-2026-24842
node-tar, a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacke…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.000 (8.1th percentile)
CVSS v3 metric
CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N.
Affected products
- Isaacs Node-tar — versions < 7.5.7
Weakness classification (CWE)
References
- https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v (x_refsource_CONFIRM)
- https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2026-24842?
  CVE-2026-24842 is a high-severity vulnerability in Isaacs Node-tar, classified under Path Traversal. CVSS score: 8.2/10. Published 2026-01-28.
- How severe is CVE-2026-24842?
  High severity. CVSS v3 base score is 8.2 out of 10.