Critical Vulnerabilities in Perl's Archive::Tar Module Affect Multiple Linux Distributions

Recent advisories revealed critical vulnerabilities in Perl's Archive::Tar module, affecting multiple Linux distributions including Ubuntu and Mageia. CVE-2026-42496 allows attackers to exploit symlink and hardlink handling, potentially leading to unauthorized file access. CVE-2026-42497 similarly permits hardlink extraction to attacker-controlled paths. Additionally, CVE-2026-9538 enables memory exhaustion through manipulated tar headers. These vulnerabilities impact systems running affected versions of Perl and Archive::Tar prior to specified updates. Users are urged to update their systems to mitigate these risks. The vulnerabilities were disclosed on May 26, 2026, and patches are available. The situation is critical as exploitation could lead to significant service disruption.

Key Points:
• Critical vulnerabilities in Perl's Archive::Tar module affect multiple Linux distributions.
• CVE-2026-42496 and CVE-2026-42497 allow unauthorized file access via symlink and hardlink exploitation.
• Patches are available; users are advised to update their systems immediately.

ThreatCluster AI

Timeline

2026-05-25
CVE-2026-8376 published
Perl's heap buffer overflow vulnerability disclosed, allowing potential denial of service or code execution.
Linuxsecurity

2026-05-26
CVE-2026-42496 published
Vulnerability in Archive::Tar module allows symlink exploitation leading to unauthorized file access.
Linuxsecurity

2026-05-26
CVE-2026-42497 published
Vulnerability in Archive::Tar module permits hardlink extraction to attacker-controlled paths.
Linuxsecurity

2026-05-26
CVE-2026-9538 published
Memory exhaustion vulnerability in Archive::Tar via manipulated entry size field in tar header.
Linuxsecurity

2026-06-24
Advisories published for Ubuntu and Mageia
Security advisories released detailing vulnerabilities and urging users to update affected packages.
Linuxsecurity
