Red Hat Security Advisory: perl-Archive-Tar security update
A path traversal vulnerability (CVE-2026-42496) exists in the perl-Archive-Tar module used in Red Hat Enterprise Linux 9. This flaw allows arbitrary file access via crafted symbolic links in tar files. Red Hat has issued an important security update to address this issue in the perl-Archive-Tar package for multiple architectures and extended update support versions. The vulnerability is related to CWE-22 (Improper Limitation of a Pathname to a Restricted Directory).
AI Analysis
Technical Summary
The perl-Archive-Tar module, which provides object-oriented handling of tar files including support for compressed tar files when IO::Zlib is installed, contains a path traversal vulnerability (CVE-2026-42496). This vulnerability allows an attacker to craft symbolic links within tar archives that lead to arbitrary file access outside the intended extraction directory. Red Hat has issued a security advisory (RHSA-2026:30856) rating this issue as important and has released updated packages for Red Hat Enterprise Linux 9 and its extended update support versions to fix this flaw.
Potential Impact
Exploitation of this vulnerability could allow an attacker to access arbitrary files on the system by leveraging crafted symbolic links in tar archives. This could lead to unauthorized disclosure of sensitive information or modification of files if the attacker has the ability to extract malicious tar files. The severity is rated as important by Red Hat, indicating a significant security risk.
Mitigation Recommendations
Red Hat has released updated perl-Archive-Tar packages for Red Hat Enterprise Linux 9 and its extended update support versions that address this vulnerability. Users should apply these official security updates promptly to remediate the issue. For detailed update instructions, refer to Red Hat's advisory at https://access.redhat.com/articles/11258. No alternative mitigations are indicated in the advisory.
Red Hat Security Advisory: perl-Archive-Tar security update
Description
A path traversal vulnerability (CVE-2026-42496) exists in the perl-Archive-Tar module used in Red Hat Enterprise Linux 9. This flaw allows arbitrary file access via crafted symbolic links in tar files. Red Hat has issued an important security update to address this issue in the perl-Archive-Tar package for multiple architectures and extended update support versions. The vulnerability is related to CWE-22 (Improper Limitation of a Pathname to a Restricted Directory).
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The perl-Archive-Tar module, which provides object-oriented handling of tar files including support for compressed tar files when IO::Zlib is installed, contains a path traversal vulnerability (CVE-2026-42496). This vulnerability allows an attacker to craft symbolic links within tar archives that lead to arbitrary file access outside the intended extraction directory. Red Hat has issued a security advisory (RHSA-2026:30856) rating this issue as important and has released updated packages for Red Hat Enterprise Linux 9 and its extended update support versions to fix this flaw.
Potential Impact
Exploitation of this vulnerability could allow an attacker to access arbitrary files on the system by leveraging crafted symbolic links in tar archives. This could lead to unauthorized disclosure of sensitive information or modification of files if the attacker has the ability to extract malicious tar files. The severity is rated as important by Red Hat, indicating a significant security risk.
Mitigation Recommendations
Red Hat has released updated perl-Archive-Tar packages for Red Hat Enterprise Linux 9 and its extended update support versions that address this vulnerability. Users should apply these official security updates promptly to remediate the issue. For detailed update instructions, refer to Red Hat's advisory at https://access.redhat.com/articles/11258. No alternative mitigations are indicated in the advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:30856
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a42ed6527e9c79719937dca
Added to database: 06/29/2026, 22:10:45 UTC
Last enriched: 06/29/2026, 22:34:23 UTC
Last updated: 06/29/2026, 22:51:10 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.