CVE-2026-59874

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18.
CVSS

No CVSS.

Configurations

No configuration.

History

08 Jul 2026, 18:16

Type Values Removed Values Added
References () https://github.com/isaacs/node-tar/security/advisories/GHSA-8x88-c5mf-7j5w - () https://github.com/isaacs/node-tar/security/advisories/GHSA-8x88-c5mf-7j5w -

08 Jul 2026, 16:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-08 16:16

Updated : 2026-07-08 18:16


NVD link : CVE-2026-59874

Mitre link : CVE-2026-59874

CVE.ORG link : CVE-2026-59874


JSON object : View

Products Affected

No product.

CWE
CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')