Skip to main content

Red Hat Enterprise Linux 10 CVE-2026-5704

| EUVDEUVD-2026-19317 MEDIUM
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-04-06 redhat
5.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
SUSE
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Red Hat
5.0 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Apr 06, 2026 - 15:30 euvd
EUVD-2026-19317
Analysis Generated
Apr 06, 2026 - 15:30 vuln.today
CVE Published
Apr 06, 2026 - 15:17 nvd
MEDIUM 5.0

DescriptionCVE.org

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.

AnalysisAI

Tar archive extraction allows hidden file injection by local authenticated users through crafted malicious archives, bypassing pre-extraction inspection mechanisms and enabling introduction of attacker-controlled files. The vulnerability affects Red Hat Enterprise Linux versions 6 through 10, requires local access and user interaction (extraction action), and presents a moderate integrity risk (CVSS 5.0) with no confirmed active exploitation or public proof-of-concept at time of analysis.

Technical ContextAI

The vulnerability exists in the tar utility's handling of archive contents during extraction. It is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type), indicating a failure to properly validate or restrict file types and paths during archive extraction. The flaw allows an attacker to craft a specially formatted tar archive containing hidden files (likely leveraging tar's support for special file naming, path traversal sequences, or metadata manipulation) that evade conventional pre-extraction scanning tools. When a local user extracts such an archive with their privileges, the malicious files are written to unintended locations on the filesystem, bypassing detection mechanisms that examine the archive before extraction begins.

RemediationAI

Apply the security update provided by Red Hat for your RHEL version through standard package management (yum or dnf). Check https://access.redhat.com/security/cve/CVE-2026-5704 for the specific patched tar package version corresponding to your RHEL release. Until patching is complete, implement procedural controls: restrict archive extraction to trusted sources only, require administrative review before extracting archives from external origins, and educate users to avoid extracting archives from untrusted parties. Consider using alternative archive extraction tools with stricter validation if available for your workflows, though the underlying issue may affect system tar more broadly.

CVE-2026-4631 CRITICAL POC
9.8 Apr 07

Remote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the h

CVE-2026-4480 CRITICAL POC
9.0 May 26

Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft

CVE-2026-14544 CRITICAL
9.8 Jul 03

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter

CVE-2026-28369 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow (the embedded web server underpinning JBoss EAP, Red Hat Data Grid, and Apache Camel

CVE-2026-28368 CRITICAL
9.1 Mar 27

HTTP request smuggling in Red Hat Undertow allows remote unauthenticated attackers to bypass front-end security controls

CVE-2026-33845 CRITICAL
9.1 Apr 30

Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an intege

CVE-2026-28367 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow allows remote unauthenticated attackers to send `\r\r\r` as a header block terminator

CVE-2026-11610 HIGH
8.8 Jul 07

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD

CVE-2026-14474 HIGH
8.8 Jul 07

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user

CVE-2026-52720 HIGH
8.8 Jun 15

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co

CVE-2026-5674 HIGH
8.8 Jul 16

Sandbox escape in PipeWire's PulseAudio compatibility layer lets a low-privileged process inside a confined environment

CVE-2026-5260 HIGH
8.2 May 26

Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SLES15-SP5-CHOST-BYOS-SAP-CCloud Fixed
SLES15-SP6-CHOST-BYOS Fixed
SLES15-SP6-CHOST-BYOS-Aliyun Fixed
SLES15-SP6-CHOST-BYOS-Azure Fixed
SLES15-SP6-CHOST-BYOS-EC2 Fixed

Share

CVE-2026-5704 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy