Vulnerability-Lookup

CVE-2026-33056 (GCVE-0-2026-33056)

Vulnerability from cvelistv5 – Published: 2026-03-20 07:11 – Updated: 2026-03-20 12:59

Title

tar-rs: unpack_in can chmod arbitrary directories by following symlinks

Summary

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory — and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root. This issue has been fixed in version 0.4.45.

Severity ?

5.1 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

CWE

CWE-61 - UNIX Symbolic Link (Symlink) Following

Assigner

GitHub_M

References

URL

Tags

	https://github.com/alexcrichton/tar-rs/security/a…	x_refsource_CONFIRM
	https://github.com/alexcrichton/tar-rs/commit/17b…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	alexcrichton	tar-rs	Affected: < 0.4.45

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33056",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-20T12:59:15.595639Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-20T12:59:30.468Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tar-rs",
          "vendor": "alexcrichton",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.4.45"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate\u0027s unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory \u2014 and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root. This issue has been fixed in version 0.4.45."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-20T07:11:10.448Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph"
        },
        {
          "name": "https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446"
        }
      ],
      "source": {
        "advisory": "GHSA-j4xf-2g29-59ph",
        "discovery": "UNKNOWN"
      },
      "title": "tar-rs: unpack_in can chmod arbitrary directories by following symlinks"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33056",
    "datePublished": "2026-03-20T07:11:10.448Z",
    "dateReserved": "2026-03-17T18:10:50.213Z",
    "dateUpdated": "2026-03-20T12:59:30.468Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-33056\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-20T08:16:11.603\",\"lastModified\":\"2026-03-24T16:17:11.623\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate\u0027s unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory \u2014 and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root. This issue has been fixed in version 0.4.45.\"},{\"lang\":\"es\",\"value\":\"tar-rs es una biblioteca de lectura/escritura de archivos tar para Rust. En las versiones 0.4.44 e inferiores, al desempaquetar un archivo tar, la funci\u00f3n `unpack_dir` del crate `tar` utiliza `fs::metadata()` para verificar si una ruta que ya existe es un directorio. Debido a que `fs::metadata()` sigue los enlaces simb\u00f3licos, un tarball manipulado que contiene una entrada de enlace simb\u00f3lico seguida de una entrada de directorio con el mismo nombre hace que el crate trate el destino del enlace simb\u00f3lico como un directorio existente v\u00e1lido y, posteriormente, le aplique `chmod`. Esto permite a un atacante modificar los permisos de directorios arbitrarios fuera de la ra\u00edz de extracci\u00f3n. Este problema ha sido solucionado en la versi\u00f3n 0.4.45.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-61\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tar_project:tar:*:*:*:*:*:rust:*:*\",\"versionEndExcluding\":\"0.4.45\",\"matchCriteriaId\":\"6F3757EC-A7DB-41C4-A2CC-6D4BC1F59573\"}]}]}],\"references\":[{\"url\":\"https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\",\"Exploit\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33056\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-20T12:59:15.595639Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-20T12:59:23.475Z\"}}], \"cna\": {\"title\": \"tar-rs: unpack_in can chmod arbitrary directories by following symlinks\", \"source\": {\"advisory\": \"GHSA-j4xf-2g29-59ph\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"alexcrichton\", \"product\": \"tar-rs\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.4.45\"}]}], \"references\": [{\"url\": \"https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph\", \"name\": \"https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446\", \"name\": \"https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate\u0027s unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory \\u2014 and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root. This issue has been fixed in version 0.4.45.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-61\", \"description\": \"CWE-61: UNIX Symbolic Link (Symlink) Following\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-20T07:11:10.448Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-33056\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-20T12:59:30.468Z\", \"dateReserved\": \"2026-03-17T18:10:50.213Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-20T07:11:10.448Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-J4XF-2G29-59PH

Vulnerability from github – Published: 2026-03-20 17:25 – Updated: 2026-03-25 18:36

Summary

tar-rs `unpack_in` can chmod arbitrary directories by following symlinks

Details

Summary

When unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory — and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root.

Reproducer

A malicious tarball contains two entries: (1) a symlink foo pointing to an arbitrary external directory, and (2) a directory entry foo/. (or just foo). When unpacked, create_dir("foo") fails with EEXIST because the symlink is already on disk. The fs::metadata() check then follows the symlink, sees a directory at the target, and allows processing to continue. The directory entry's mode bits are then applied via chmod, which also follows the symlink — modifying the permissions of the external target directory.

Fix

The fix is very simple, we now use fs::symlink_metadata() in unpack_dir, so symlinks are detected and rejected rather than followed.

Credit

This issue was reported by @xokdvium - thank you!

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

5.1 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.4.44"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "tar"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.45"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33056"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-61"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-20T17:25:09Z",
    "nvd_published_at": "2026-03-20T08:16:11Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nWhen unpacking a tar archive, the `tar` crate\u0027s `unpack_dir` function uses `fs::metadata()` to check whether a path that already exists is a directory. Because `fs::metadata()` follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory \u2014 and subsequently apply `chmod` to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root.\n\n## Reproducer\n\nA malicious tarball contains two entries: (1) a symlink `foo` pointing to an arbitrary external directory, and (2) a directory entry `foo/.` (or just `foo`). When unpacked, `create_dir(\"foo\")` fails with `EEXIST` because the symlink is already on disk. The `fs::metadata()` check then follows the symlink, sees a directory at the target, and allows processing to continue. The directory entry\u0027s mode bits are then applied via `chmod`, which also follows the symlink \u2014 modifying the permissions of the external target directory.\n\n## Fix \n\nThe fix is very simple, we now use `fs::symlink_metadata()` in `unpack_dir`, so symlinks are detected and rejected rather than followed.\n\n## Credit\n\nThis issue was reported by @xokdvium - thank you!",
  "id": "GHSA-j4xf-2g29-59ph",
  "modified": "2026-03-25T18:36:33Z",
  "published": "2026-03-20T17:25:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33056"
    },
    {
      "type": "WEB",
      "url": "https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/alexcrichton/tar-rs"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0067.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "tar-rs `unpack_in` can chmod arbitrary directories by following symlinks"
}

MSRC_CVE-2026-33056

Vulnerability from csaf_microsoft - Published: 2026-03-02 00:00 - Updated: 2026-03-31 15:18

Summary

tar-rs: unpack_in can chmod arbitrary directories by following symlinks

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2026-33056

CWE-61 - UNIX Symbolic Link (Symlink) Following

None Available There is no fix available for this vulnerability as of now

Vendor Fix 0.22.0-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade https://learn.microsoft.com/en-us/azure/azure-lin…

References

URL

Category

	https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self
	https://support.microsoft.com/lifecycle	external
	https://www.first.org/cvss	external
	https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-33056.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "tar-rs: unpack_in can chmod arbitrary directories by following symlinks",
    "tracking": {
      "current_release_date": "2026-03-31T15:18:00.000Z",
      "generator": {
        "date": "2026-04-01T07:38:22.487Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-33056",
      "initial_release_date": "2026-03-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-03-25T01:01:52.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2026-03-31T15:18:00.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "azl3 kata-containers-cc 3.15.0.aks0-7",
                "product": {
                  "name": "azl3 kata-containers-cc 3.15.0.aks0-7",
                  "product_id": "7"
                }
              },
              {
                "category": "product_version_range",
                "name": "azl3 kata-containers-cc 3.15.0.aks0-8",
                "product": {
                  "name": "azl3 kata-containers-cc 3.15.0.aks0-8",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version_range",
                "name": "cbl2 kata-containers-cc 3.2.0.azl2-8",
                "product": {
                  "name": "cbl2 kata-containers-cc 3.2.0.azl2-8",
                  "product_id": "13"
                }
              }
            ],
            "category": "product_name",
            "name": "kata-containers-cc"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "azl3 rpm-ostree 2024.4-6",
                "product": {
                  "name": "azl3 rpm-ostree 2024.4-6",
                  "product_id": "6"
                }
              },
              {
                "category": "product_version_range",
                "name": "cbl2 rpm-ostree 2022.1-8",
                "product": {
                  "name": "cbl2 rpm-ostree 2022.1-8",
                  "product_id": "12"
                }
              },
              {
                "category": "product_version_range",
                "name": "azl3 rpm-ostree 2024.4-8",
                "product": {
                  "name": "azl3 rpm-ostree 2024.4-8",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "rpm-ostree"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "azl3 rust 1.90.0-4",
                "product": {
                  "name": "azl3 rust 1.90.0-4",
                  "product_id": "8"
                }
              },
              {
                "category": "product_version_range",
                "name": "cbl2 rust 1.72.0-15",
                "product": {
                  "name": "cbl2 rust 1.72.0-15",
                  "product_id": "5"
                }
              },
              {
                "category": "product_version_range",
                "name": "azl3 rust 1.75.0-27",
                "product": {
                  "name": "azl3 rust 1.75.0-27",
                  "product_id": "4"
                }
              },
              {
                "category": "product_version_range",
                "name": "azl3 rust 1.90.0-6",
                "product": {
                  "name": "azl3 rust 1.90.0-6",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version_range",
                "name": "cbl2 rust 1.72.0-14",
                "product": {
                  "name": "cbl2 rust 1.72.0-14",
                  "product_id": "11"
                }
              },
              {
                "category": "product_version_range",
                "name": "azl3 rust 1.75.0-25",
                "product": {
                  "name": "azl3 rust 1.75.0-25",
                  "product_id": "9"
                }
              }
            ],
            "category": "product_name",
            "name": "rust"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "cbl2 kata-containers 3.2.0.azl2-7",
                "product": {
                  "name": "cbl2 kata-containers 3.2.0.azl2-7",
                  "product_id": "14"
                }
              }
            ],
            "category": "product_name",
            "name": "kata-containers"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 trident 0.21.0-1",
                "product": {
                  "name": "\u003cazl3 trident 0.21.0-1",
                  "product_id": "10"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 trident 0.21.0-1",
                "product": {
                  "name": "azl3 trident 0.21.0-1",
                  "product_id": "20955"
                }
              }
            ],
            "category": "product_name",
            "name": "trident"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 kata-containers-cc 3.15.0.aks0-7 as a component of Azure Linux 3.0",
          "product_id": "17084-7"
        },
        "product_reference": "7",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 rpm-ostree 2024.4-6 as a component of Azure Linux 3.0",
          "product_id": "17084-6"
        },
        "product_reference": "6",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 rust 1.90.0-4 as a component of Azure Linux 3.0",
          "product_id": "17084-8"
        },
        "product_reference": "8",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 kata-containers-cc 3.15.0.aks0-8 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 rust 1.72.0-15 as a component of CBL Mariner 2.0",
          "product_id": "17086-5"
        },
        "product_reference": "5",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 rust 1.75.0-27 as a component of Azure Linux 3.0",
          "product_id": "17084-4"
        },
        "product_reference": "4",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 rust 1.90.0-6 as a component of Azure Linux 3.0",
          "product_id": "17084-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 kata-containers 3.2.0.azl2-7 as a component of CBL Mariner 2.0",
          "product_id": "17086-14"
        },
        "product_reference": "14",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 kata-containers-cc 3.2.0.azl2-8 as a component of CBL Mariner 2.0",
          "product_id": "17086-13"
        },
        "product_reference": "13",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 rpm-ostree 2022.1-8 as a component of CBL Mariner 2.0",
          "product_id": "17086-12"
        },
        "product_reference": "12",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 rust 1.72.0-14 as a component of CBL Mariner 2.0",
          "product_id": "17086-11"
        },
        "product_reference": "11",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 rust 1.75.0-25 as a component of Azure Linux 3.0",
          "product_id": "17084-9"
        },
        "product_reference": "9",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 trident 0.21.0-1 as a component of Azure Linux 3.0",
          "product_id": "17084-10"
        },
        "product_reference": "10",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 trident 0.21.0-1 as a component of Azure Linux 3.0",
          "product_id": "20955-17084"
        },
        "product_reference": "20955",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 rpm-ostree 2024.4-8 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-33056",
      "cwe": {
        "id": "CWE-61",
        "name": "UNIX Symbolic Link (Symlink) Following"
      },
      "notes": [
        {
          "category": "general",
          "text": "GitHub_M",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "20955-17084"
        ],
        "known_affected": [
          "17084-7",
          "17084-6",
          "17084-8",
          "17084-2",
          "17086-5",
          "17084-4",
          "17084-3",
          "17086-14",
          "17086-13",
          "17086-12",
          "17086-11",
          "17084-9",
          "17084-10",
          "17084-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-33056.json"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "date": "2026-03-25T01:01:52.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-7"
          ]
        },
        {
          "category": "none_available",
          "date": "2026-03-25T01:01:52.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-6"
          ]
        },
        {
          "category": "none_available",
          "date": "2026-03-25T01:01:52.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-8"
          ]
        },
        {
          "category": "none_available",
          "date": "2026-03-25T01:01:52.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-2"
          ]
        },
        {
          "category": "none_available",
          "date": "2026-03-25T01:01:52.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-5"
          ]
        },
        {
          "category": "none_available",
          "date": "2026-03-25T01:01:52.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-4"
          ]
        },
        {
          "category": "none_available",
          "date": "2026-03-25T01:01:52.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-3"
          ]
        },
        {
          "category": "none_available",
          "date": "2026-03-25T01:01:52.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-14"
          ]
        },
        {
          "category": "none_available",
          "date": "2026-03-25T01:01:52.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-13"
          ]
        },
        {
          "category": "none_available",
          "date": "2026-03-25T01:01:52.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-12"
          ]
        },
        {
          "category": "none_available",
          "date": "2026-03-25T01:01:52.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-11"
          ]
        },
        {
          "category": "none_available",
          "date": "2026-03-25T01:01:52.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-9"
          ]
        },
        {
          "category": "none_available",
          "date": "2026-03-25T01:01:52.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-1"
          ]
        },
        {
          "category": "vendor_fix",
          "date": "2026-03-25T01:01:52.000Z",
          "details": "0.22.0-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-10"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "title": "tar-rs: unpack_in can chmod arbitrary directories by following symlinks"
    }
  ]
}

FKIE_CVE-2026-33056

Vulnerability from fkie_nvd - Published: 2026-03-20 08:16 - Updated: 2026-03-24 16:17

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446	Patch
	security-advisories@github.com	https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph	Mitigation, Vendor Advisory, Exploit

Impacted products

	Vendor	Product	Version
	tar_project	tar	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tar_project:tar:*:*:*:*:*:rust:*:*",
              "matchCriteriaId": "6F3757EC-A7DB-41C4-A2CC-6D4BC1F59573",
              "versionEndExcluding": "0.4.45",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate\u0027s unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory \u2014 and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root. This issue has been fixed in version 0.4.45."
    },
    {
      "lang": "es",
      "value": "tar-rs es una biblioteca de lectura/escritura de archivos tar para Rust. En las versiones 0.4.44 e inferiores, al desempaquetar un archivo tar, la funci\u00f3n `unpack_dir` del crate `tar` utiliza `fs::metadata()` para verificar si una ruta que ya existe es un directorio. Debido a que `fs::metadata()` sigue los enlaces simb\u00f3licos, un tarball manipulado que contiene una entrada de enlace simb\u00f3lico seguida de una entrada de directorio con el mismo nombre hace que el crate trate el destino del enlace simb\u00f3lico como un directorio existente v\u00e1lido y, posteriormente, le aplique `chmod`. Esto permite a un atacante modificar los permisos de directorios arbitrarios fuera de la ra\u00edz de extracci\u00f3n. Este problema ha sido solucionado en la versi\u00f3n 0.4.45."
    }
  ],
  "id": "CVE-2026-33056",
  "lastModified": "2026-03-24T16:17:11.623",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "ACTIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-20T08:16:11.603",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory",
        "Exploit"
      ],
      "url": "https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-61"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

rustsec-2026-0067

Vulnerability from osv_rustsec

Published

2026-03-19 12:00

Modified

2026-03-23 09:31

Summary

`unpack_in` can chmod arbitrary directories by following symlinks

Details

In versions 0.4.44 and below of tar-rs, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory — and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root.

This issue has been fixed in version 0.4.45.

Severity

5.1 (Medium)


                    
                      CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

References

URL

Type

	https://crates.io/crates/tar	PACKAGE
	https://rustsec.org/advisories/RUSTSEC-2026-0067.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "categories": [],
        "cvss": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
        "informational": null
      },
      "ecosystem_specific": {
        "affected_functions": null,
        "affects": {
          "arch": [],
          "functions": [
            "tar::Entry::unpack",
            "tar::Entry::unpack_in"
          ],
          "os": []
        }
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "tar",
        "purl": "pkg:cargo/tar"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0-0"
            },
            {
              "fixed": "0.4.45"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "versions": []
    }
  ],
  "aliases": [
    "CVE-2026-33056",
    "GHSA-j4xf-2g29-59ph"
  ],
  "database_specific": {
    "license": "CC0-1.0"
  },
  "details": "In versions 0.4.44 and below of tar-rs, when unpacking a tar archive, the tar\ncrate\u0027s `unpack_dir` function uses [`fs::metadata()`][fs-metadata] to check\nwhether a path that already exists is a directory. Because `fs::metadata()`\nfollows symbolic links, a crafted tarball containing a symlink entry followed\nby a directory entry with the same name causes the crate to treat the symlink\ntarget as a valid existing directory \u2014 and subsequently apply chmod to it. This\nallows an attacker to modify the permissions of arbitrary directories outside\nthe extraction root.\n\nThis issue has been fixed in version 0.4.45.\n\n[fs-metadata]: https://doc.rust-lang.org/std/fs/fn.metadata.html",
  "id": "RUSTSEC-2026-0067",
  "modified": "2026-03-23T09:31:59Z",
  "published": "2026-03-19T12:00:00Z",
  "references": [
    {
      "type": "PACKAGE",
      "url": "https://crates.io/crates/tar"
    },
    {
      "type": "ADVISORY",
      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0067.html"
    }
  ],
  "related": [],
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "`unpack_in` can chmod arbitrary directories by following symlinks"
}

CERTFR-2026-AVI-0386

Vulnerability from certfr_avis - Published: 2026-04-01 - Updated: 2026-04-01

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	CBL Mariner	cbl2 nodejs18 18.20.3-12 versions antérieures à 18.20.3-12
Microsoft	Azure Linux	azl3 telegraf 1.31.0-17 versions antérieures à 1.31.0-17
Microsoft	CBL Mariner	cbl2 ocaml 4.13.1-3 versions antérieures à 4.13.1-3
Microsoft	Azure Linux	azl3 ocaml 5.1.1-2 versions antérieures à 5.1.1-2
Microsoft	Azure Linux	azl3 flannel 0.24.2-26 versions antérieures à 0.24.2-26
Microsoft	Azure Linux	azl3 trident 0.21.0-1 versions antérieures à 0.22.0-1
Microsoft	Azure Linux	azl3 bind 9.20.18-1 versions antérieures à 9.20.21-1
Microsoft	CBL Mariner	cbl2 systemd-bootstrap 250.3-14 versions antérieures à 250.3-14
Microsoft	CBL Mariner	cbl2 telegraf 1.29.4-22 versions antérieures à 1.29.4-22
Microsoft	Azure Linux	azl3 libssh 0.10.6-6 versions antérieures à 0.10.6-6

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-33056 (GCVE-0-2026-33056)

GHSA-J4XF-2G29-59PH

Summary

Reproducer

Fix

Credit

MSRC_CVE-2026-33056

FKIE_CVE-2026-33056

rustsec-2026-0067

Vulnerability from osv_rustsec

CERTFR-2026-AVI-0386

Solutions

Tags

Sightings

Nomenclature