Critical Permission Modification Vulnerability in Fedora StGit (CVE-2026-33056)

Severity: High (Score: 72.9)

Sources: Linuxsecurity

Summary

Fedora has released updates addressing a critical permission modification vulnerability in StGit, identified as CVE-2026-33056. This vulnerability allows arbitrary directory permission modifications through crafted tar archives, potentially impacting users who utilize StGit for managing Git commits. The issue was published on March 20, 2026, and affects Fedora versions 42 and 43. The updates were rebuilt with rust-tar 0.4.45 to mitigate this vulnerability. Users are advised to upgrade their systems using the 'dnf' update program. The vulnerability was reported in Bug #2449690, which details the nature of the flaw. This situation emphasizes the importance of timely updates to prevent exploitation. Current status indicates that the patch is available and should be applied immediately. Key Points: • CVE-2026-33056 allows arbitrary directory permission modifications via crafted tar archives. • Fedora versions 42 and 43 are affected by this critical vulnerability. • Users should update their systems using the 'dnf' upgrade program to mitigate the risk.

Key Entities

• CVE-2026-33056 (cve)
• T1222 - File And Directory Permissions Modification (mitre_attack)
• Fedora (company)
• tar (tool)