CVE-2026-26158EPSS p4.9%

CVE-2026-26158CVE-2026-26158

Description

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files.

Scoring

CVSS 7.0 ()
VectorCVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS0.15% probability of exploitation · percentile 4.9% · 2026-06-19T12:03:05Z
Last modified2026-06-02

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-26157
CVE
CVE-2026-22907
CVE
CVE-2025-1127
CVE
CVE-2025-46394
CVE
CVE-2026-24088
CVE
CVE-2026-7774
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.