What is CVE-2026-5704?

CVE-2026-5704 is a medium-severity vulnerability in Red Hat Enterprise Linux 10, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 5.0/10. Published 2026-04-06.

How severe is CVE-2026-5704?

Medium severity. CVSS v3 base score is 5.0 out of 10.

Arbitrary file upload in Red Hat Enterprise Linux 10

CVE-2026-5704

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, poten…

Vulnerability class: Unrestricted File Upload

EPSS: 0.000 (8.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.0 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N.

Affected products

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

References

access.redhat.com/security/cve/CVE-2026-5704 (vdb-entry, x_refsource_REDHAT)
RHBZ#2455360 (issue-tracking, x_refsource_REDHAT)

Frequently asked questions

What is CVE-2026-5704?: CVE-2026-5704 is a medium-severity vulnerability in Red Hat Enterprise Linux 10, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 5.0/10. Published 2026-04-06.
How severe is CVE-2026-5704?: Medium severity. CVSS v3 base score is 5.0 out of 10.