CVE-2026-26157: External Control of File Name or Path in Red Hat Red Hat Hardened Images
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files.
AI Analysis
Technical Summary
The vulnerability CVE-2026-26157 affects BusyBox components within Red Hat Hardened Images. Due to incomplete path sanitization during archive extraction, an attacker can craft malicious archives that, when extracted under specific conditions, write files outside the intended directory. This flaw can result in arbitrary file overwrite, which may lead to code execution through modification of sensitive system files. The CVSS v3.1 base score is 7.0, reflecting high impact on confidentiality, integrity, and availability. Red Hat has issued security updates for BusyBox RPMs (version 1.37.0-7.2.hum1) to fix this vulnerability.
Potential Impact
Successful exploitation allows an attacker with local access to extract malicious archives that overwrite arbitrary files outside the extraction directory. This can compromise system integrity and confidentiality, potentially enabling code execution by modifying critical system files. The vulnerability has a CVSS score of 7.0, indicating high severity. There are no known exploits in the wild at this time.
Mitigation Recommendations
Red Hat has released updated BusyBox RPMs as part of Red Hat Hardened Images to address CVE-2026-26157. Users should apply the security update RHSA-2026:13831 promptly to remediate this vulnerability. Refer to Red Hat's official advisory at https://access.redhat.com/errata/RHSA-2026:13831 for detailed update instructions. No alternative mitigations or workarounds are specified by the vendor.
CVE-2026-26157: External Control of File Name or Path in Red Hat Red Hat Hardened Images
Description
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-26157 affects BusyBox components within Red Hat Hardened Images. Due to incomplete path sanitization during archive extraction, an attacker can craft malicious archives that, when extracted under specific conditions, write files outside the intended directory. This flaw can result in arbitrary file overwrite, which may lead to code execution through modification of sensitive system files. The CVSS v3.1 base score is 7.0, reflecting high impact on confidentiality, integrity, and availability. Red Hat has issued security updates for BusyBox RPMs (version 1.37.0-7.2.hum1) to fix this vulnerability.
Potential Impact
Successful exploitation allows an attacker with local access to extract malicious archives that overwrite arbitrary files outside the extraction directory. This can compromise system integrity and confidentiality, potentially enabling code execution by modifying critical system files. The vulnerability has a CVSS score of 7.0, indicating high severity. There are no known exploits in the wild at this time.
Mitigation Recommendations
Red Hat has released updated BusyBox RPMs as part of Red Hat Hardened Images to address CVE-2026-26157. Users should apply the security update RHSA-2026:13831 promptly to remediate this vulnerability. Refer to Red Hat's official advisory at https://access.redhat.com/errata/RHSA-2026:13831 for detailed update instructions. No alternative mitigations or workarounds are specified by the vendor.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-02-11T17:05:41.991Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/errata/RHSA-2026:13831","vendor":"Red Hat"},{"url":"https://access.redhat.com/security/cve/CVE-2026-26157","vendor":"Red Hat"}]
Threat ID: 698cea984b57a58fa1c97f49
Added to database: 2/11/2026, 8:46:16 PM
Last enriched: 5/6/2026, 1:40:17 AM
Last updated: 5/13/2026, 1:53:04 AM
Views: 162
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.