File Modification Vulnerability in BusyBox by Free Software Foundation
CVE-2026-26158

7HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Enterprise Linux 6
Vendor
CVE Published:
11 February 2026

What is CVE-2026-26158?

A security flaw in BusyBox enables attackers to craft malicious tar archives containing unvalidated hardlink or symlink entries. This can result in files being modified outside their intended extraction directory. If such an archive is extracted with elevated privileges, it may lead to privilege escalation, allowing unauthorized access to critical system files, which poses a significant risk to system integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/security/cve/CVE-2026-26158
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2439040
issue-trackingx_refsource_REDHAT
https://git.busybox.net/busybox/commit/archival?id=3fb6b3...

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.