Zero Day MonitorZDM

← Back to list

5.0

CVE-2026-5704

red hat · red hat enterprise linux

Tar: tar: hidden file injection via crafted archives

Description

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.

Affected Products

Vendor	Product	Versions
red hat	red hat enterprise linux	—

References

https://access.redhat.com/security/cve/CVE-2026-5704(vdb-entry, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=2455360(issue-tracking, x_refsource_REDHAT)

Related News (1 articles)

Tier C

VulDB3h ago

CVE-2026-5704 | tar Archive injection

→ No new info (linked only)

CVSS 3.15.0 CRITICAL

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

CISA KEV❌ No

Actively exploited❌ No

CWECWE-434

PublishedApr 6, 2026

Last enriched2h agov2

Trending Score31

Source articles1

Independent1

Info Completeness7/14

Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-33540EXP

Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm

HIGHCVE-2026-4634EXP

Keycloak: keycloak: denial of service via excessive processing of openid connect scope parameters

HIGHCVE-2026-3872EXP

Keycloak: keycloak: information disclosure due to redirect_uri validation bypass

HIGHCVE-2026-4282EXP

Keycloak: keycloak: privilege escalation via forged authorization codes due to singleuseobjectprovider isolation flaw

HIGHCVE-2026-4636EXP

Keycloak: keycloak: uma policy bypass allows authenticated users to gain unauthorized access to victim-owned resources.

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 6, 2026

Discovered by ZDM

Apr 6, 2026

Updated: severity

Apr 6, 2026

Version History

v2

Last enriched 2h ago

v2Tier C2h ago

Updated severity to CRITICAL and corrected exploit availability to false.

severity

via VulDB

v14h ago

Initial creation