File Modification Vulnerability in BusyBox by Free Software Foundation

CVE-2026-26158

What is CVE-2026-26158?

A security flaw in BusyBox enables attackers to craft malicious tar archives containing unvalidated hardlink or symlink entries. This can result in files being modified outside their intended extraction directory. If such an archive is extracted with elevated privileges, it may lead to privilege escalation, allowing unauthorized access to critical system files, which poses a significant risk to system integrity.

References