Main Vulnerability Database Exploits ID:12488 - Exploit for Link following in node-tar - CVE-2026-29786

ID:12488 - Exploit for Link following in node-tar - CVE-2026-29786

Published: March 13, 2026

Vulnerability identifier: #VU123629

Vulnerability risk: High

CVE-ID: CVE-2026-29786

CWE-ID: CWE-59

Exploitation vector: Remote access

Vulnerable software:
node-tar

Link to public exploit:

https://github.com/Rohitberiwala/NodeJS-Tar-Symlink-Exploit-CVE-2026-29786

Vulnerability description

The vulnerability allows a remote attacker to overwrite arbitrary files on the system.

The vulnerability exists due to insecure handling of hard links inside archives. A remote attacker can supply a specially crafted archive to the application that can overwrite arbitrary files on the system with privileges of the process performing data extraction.

Remediation

Install updates from vendor's website.

ID:12488 - Exploit for Link following in node-tar - CVE-2026-29786

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human