vulnerability
Rocky Linux: CVE-2026-24842: linux-sgx (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:N/C:C/I:P/A:N) | May 28, 2026 | Jun 1, 2026 | Jun 1, 2026 |
Severity
8
CVSS
(AV:N/AC:M/Au:N/C:C/I:P/A:N)
Published
May 28, 2026
Added
Jun 1, 2026
Modified
Jun 1, 2026
Description
node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.
Solutions
rocky-upgrade-linux-sgx-debuginforocky-upgrade-linux-sgx-debugsourcerocky-upgrade-sgx-commonrocky-upgrade-sgx-libsrocky-upgrade-sgx-libs-debuginforocky-upgrade-sgx-mparocky-upgrade-sgx-mpa-debuginforocky-upgrade-sgx-pccsrocky-upgrade-sgx-pccs-adminrocky-upgrade-sgx-pccs-debuginforocky-upgrade-sgx-pckid-toolrocky-upgrade-sgx-pckid-tool-debuginforocky-upgrade-tdx-qgsrocky-upgrade-tdx-qgs-debuginfo
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.