Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-26158

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-11 Feb, 2026 | 20:27
Updated At-26 Feb, 2026 | 14:44
Rejected At-
Credits

Busybox: busybox: arbitrary file modification and privilege escalation via unvalidated tar archive entries

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:11 Feb, 2026 | 20:27
Updated At:26 Feb, 2026 | 14:44
Rejected At:
â–¼CVE Numbering Authority (CNA)
Busybox: busybox: arbitrary file modification and privilege escalation via unvalidated tar archive entries

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
busybox
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
unknown
Problem Types
TypeCWE IDDescription
CWECWE-73External Control of File Name or Path
Type: CWE
CWE ID: CWE-73
Description: External Control of File Name or Path
Metrics
VersionBase scoreBase severityVector
3.17.0HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

As a prevention measure, avoid extracting tar archives from untrusted sources using BusyBox, especially when operating with elevated privileges. If processing untrusted archives is unavoidable, ensure that the extraction process is performed within a strictly sandboxed environment with minimal permissions. This operational control reduces the risk of arbitrary file modification and privilege escalation.

Exploits
Credits
Red Hat would like to thank Calil Khalil (Hakal) for reporting this issue.
Timeline
EventDate
Reported to Red Hat.2026-02-11 18:09:00
Made public.2026-02-11 00:00:00
Event: Reported to Red Hat.
Date: 2026-02-11 18:09:00
Event: Made public.
Date: 2026-02-11 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-26158
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2439040
issue-tracking
x_refsource_REDHAT
https://git.busybox.net/busybox/commit/archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb
N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-26158
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2439040
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://git.busybox.net/busybox/commit/archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:11 Feb, 2026 | 21:16
Updated At:12 Feb, 2026 | 15:10

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.0HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-73Primarysecalert@redhat.com
CWE ID: CWE-73
Type: Primary
Source: secalert@redhat.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://access.redhat.com/security/cve/CVE-2026-26158secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2439040secalert@redhat.com
N/A
https://git.busybox.net/busybox/commit/archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cbsecalert@redhat.com
N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-26158
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2439040
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://git.busybox.net/busybox/commit/archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2026-26157
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.01% / 0.23%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 20:27
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Busybox: busybox: arbitrary file overwrite and potential code execution via incomplete path sanitization

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 6
CWE ID-CWE-73
External Control of File Name or Path
CVE-2025-5222
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.05% / 15.33%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 20:51
Updated-23 Jan, 2026 | 11:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Icu: stack buffer overflow in the srbroot::addtag function

A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.

Action-Not Available
Vendor-unicodeRed Hat, Inc.
Product-international_components_for_unicodeRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 6Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-6655
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.06% / 17.21%
||
7 Day CHG~0.00%
Published-16 Jul, 2024 | 15:05
Updated-20 Nov, 2025 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gtk3: gtk2: library injection from cwd

A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 10Red Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-14905
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.64%
||
7 Day CHG~0.00%
Published-31 Mar, 2020 | 16:20
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.

Action-Not Available
Vendor-Red Hat, Inc.openSUSEFedora Project
Product-ceph_storagecloudforms_management_engineopenstackfedorabackports_sleansible_engineansible_towerleapAnsible
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2024-1485
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8||HIGH
EPSS-1.20% / 78.74%
||
7 Day CHG-0.42%
Published-13 Feb, 2024 | 23:31
Updated-25 Feb, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Registry-support: decompress can delete files outside scope via relative paths

A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.

Action-Not Available
Vendor-devfileRed Hat, Inc.
Product-openshift_developer_tools_and_servicesopenshiftregistry-supportOpenShift Developer Tools and ServicesRed Hat OpenShift Container Platform 4
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-73
External Control of File Name or Path
CVE-2021-4472
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.11%
||
7 Day CHG~0.00%
Published-26 Nov, 2025 | 18:31
Updated-01 Dec, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Python-mistralclient: mistral-dashboard: local file inclusion through the 'create workbook' feature

The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenStack Platform 13 (Queens)Red Hat OpenStack Platform 17.1Red Hat OpenStack Platform 16.2
CWE ID-CWE-73
External Control of File Name or Path
CVE-2024-10492
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-2.7||LOW
EPSS-0.08% / 23.40%
||
7 Day CHG~0.00%
Published-25 Nov, 2024 | 07:37
Updated-11 Nov, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak-quarkus-server: keycloak path trasversal

A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example, an LDAP provider configuration and set up a Vault read file, which will only inform whether that file exists or not.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat build of Keycloak 26.0.6Red Hat build of Keycloak 26.0Red Hat build of Keycloak 24Red Hat build of Keycloak 24.0.9Red Hat Single Sign-On 7Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat JBoss Enterprise Application Platform 8
CWE ID-CWE-73
External Control of File Name or Path
Details not found