AZL-77613

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-77613.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-77613

Upstream

CVE-2026-26158

Published

2026-02-11T21:16:21Z

Modified

2026-04-21T04:34:18.911831Z

Summary

CVE-2026-26158 affecting package busybox for versions less than 1.36.1-22

Details

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-26158

Affected packages

Azure Linux:3 / busybox

Package

Name: busybox
Purl: pkg:rpm/azure-linux/busybox

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.36.1-22

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-77613.json"