CNNVD-202602-1816 Information

CNNVD ID

CNNVD-202602-1816

CVE-2026-26158

  • CNNVD Published: 2026-02-11

Description

BusyBox is a suite of applications, developed by the individual developer Denis Vlasenko (Ukraine), that bundles many Linux commands and tools. BusyBox contains a security vulnerability: its tar archive extraction does not validate hard link or symbolic link entries, so extracting a malicious archive may modify files outside the intended directory, which may in turn lead to privilege escalation.
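As a defensive illustration of the missing check described above, the following added example (not BusyBox code and not the upstream fix) audits a tar stream before extraction and reports link entries, or paths routed through an archived symlink, that would land outside the extraction directory. The function names, the reason strings and the in-memory sample archive are constructed for this example.

```python
import io
import posixpath
import tarfile

def escapes(path):
    """True if a POSIX path is absolute or climbs above the extraction root."""
    norm = posixpath.normpath(path)
    return posixpath.isabs(norm) or norm == ".." or norm.startswith("../")

def audit_tar(fileobj):
    """List (member, reason) findings for a tar stream; nothing is extracted."""
    findings, symlinks = [], set()
    with tarfile.open(fileobj=fileobj, mode="r:*") as tf:
        for m in tf:
            name = posixpath.normpath(m.name)
            parts = name.split("/")
            if escapes(name):
                findings.append((m.name, "member path leaves root"))
            # An ancestor declared earlier as a symlink means this entry
            # would be written through that link.
            if any("/".join(parts[:i]) in symlinks for i in range(1, len(parts))):
                findings.append((m.name, "path goes through archived symlink"))
            if m.issym():
                # Symlink targets resolve relative to the link's directory.
                target = posixpath.join(posixpath.dirname(name), m.linkname)
                if escapes(target):
                    findings.append((m.name, "symlink target leaves root"))
                symlinks.add(name)
            elif m.islnk() and escapes(m.linkname):
                # Hard link targets are named relative to the archive root.
                findings.append((m.name, "hard link target leaves root"))
    return findings

def build_sample():
    """Constructed in-memory archive: two benign entries, three flagged."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        def add(name, kind=tarfile.REGTYPE, link="", data=b""):
            ti = tarfile.TarInfo(name)
            ti.type, ti.linkname, ti.size = kind, link, len(data)
            tf.addfile(ti, io.BytesIO(data))
        add("app/readme.txt", data=b"hello\n")
        add("app/latest", tarfile.SYMTYPE, "readme.txt")
        add("app/cfg", tarfile.SYMTYPE, "../../outside")
        add("app/cfg/settings", data=b"k=v\n")
        add("app/hl", tarfile.LNKTYPE, "../outside/file")
    buf.seek(0)
    return buf
```

An empty result from `audit_tar` means none of these three patterns were found; it does not replace extracting untrusted archives with a patched tar and without elevated privileges.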

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2026-02-11

Last Modified

2026-02-24

References

  • https://access.redhat.com/security/cve/CVE-2026-26158
  • https://bugzilla.redhat.com/show_bug.cgi?id=2439040
  • https://git.busybox.net/busybox/commit/archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb
