216.73.216.170

CVE-2026-26158

· Published 11/02/2026 21:16 · Modified 11/02/2026 21:16

Labels: CVE-2026-26158 2026-02-11CVE-2026-26158CWE-73[email protected]

Essential information

Published
11/02/2026 21:16
Modified
11/02/2026 21:16
Author
Creator
CVSS
7.0 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
busybox / busybox cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*

References