CVE-2026-26158: External Control of File Name or Path in Red Hat Red Hat Hardened Images
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files.
AI Analysis
Technical Summary
This vulnerability in BusyBox, included in Red Hat Hardened Images, involves improper validation of hardlink or symlink entries in tar archives. An attacker can exploit this by creating a malicious tar archive that, when extracted with elevated privileges, modifies files outside the intended directory. This external control of file name or path can result in privilege escalation. The CVSS v3.1 score is 7.0, indicating high severity. Red Hat has issued security updates for BusyBox packages to fix this vulnerability.
Potential Impact
Successful exploitation allows an attacker to escalate privileges by modifying critical system files outside the intended extraction directory when extracting a crafted tar archive with elevated privileges. This can lead to unauthorized access and potential system compromise.
Mitigation Recommendations
Red Hat has released security updates for BusyBox RPMs in Red Hat Hardened Images that address CVE-2026-26158. Users should apply the update as described in the Red Hat advisory RHSA-2026:13831 available at https://access.redhat.com/errata/RHSA-2026:13831. Applying this official fix mitigates the vulnerability. No additional mitigations are specified or required beyond applying the update.
CVE-2026-26158: External Control of File Name or Path in Red Hat Red Hat Hardened Images
Description
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in BusyBox, included in Red Hat Hardened Images, involves improper validation of hardlink or symlink entries in tar archives. An attacker can exploit this by creating a malicious tar archive that, when extracted with elevated privileges, modifies files outside the intended directory. This external control of file name or path can result in privilege escalation. The CVSS v3.1 score is 7.0, indicating high severity. Red Hat has issued security updates for BusyBox packages to fix this vulnerability.
Potential Impact
Successful exploitation allows an attacker to escalate privileges by modifying critical system files outside the intended extraction directory when extracting a crafted tar archive with elevated privileges. This can lead to unauthorized access and potential system compromise.
Mitigation Recommendations
Red Hat has released security updates for BusyBox RPMs in Red Hat Hardened Images that address CVE-2026-26158. Users should apply the update as described in the Red Hat advisory RHSA-2026:13831 available at https://access.redhat.com/errata/RHSA-2026:13831. Applying this official fix mitigates the vulnerability. No additional mitigations are specified or required beyond applying the update.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-02-11T17:05:41.991Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/errata/RHSA-2026:13831","vendor":"Red Hat"},{"url":"https://access.redhat.com/security/cve/CVE-2026-26158","vendor":"Red Hat"}]
Threat ID: 698cea984b57a58fa1c97f4e
Added to database: 2/11/2026, 8:46:16 PM
Last enriched: 5/6/2026, 1:40:24 AM
Last updated: 5/13/2026, 5:58:45 AM
Views: 261
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.