CVE-2026-23950
Published: 20 January 2026
Summary
CVE-2026-23950 is a high-severity Improper Handling of Unicode Encoding (CWE-176) vulnerability in node-tar (listed as Isaacs Tar), the Tar implementation for Node.js. Its CVSS v3.1 base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique User Execution: Malicious File (T1204.002). It is ranked at the 0.7th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Flaw remediation ensures timely patching of vulnerable node-tar versions up to 7.5.3, directly eliminating the Unicode path collision race condition that enables symlink poisoning and arbitrary file overwrites.
Information input validation during tar archive extraction rejects malicious symlinks and colliding Unicode paths, preventing the race condition bypass in the PathReservations system.
Software usage restrictions prohibit deployment or execution of vulnerable node-tar versions, blocking extraction of malicious tar archives on affected filesystems like macOS APFS.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is reached by delivering a malicious tar archive that a user (or an automated pipeline acting for one) must extract; once extraction runs, the path-collision race enables symlink poisoning and, through it, arbitrary file overwrite.
NVD Description
node-tar, a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-insensitive filesystems (such as macOS APFS, in which it has been tested), the library fails to lock colliding paths (e.g., `ß` and `ss`), allowing them to be processed in parallel. This bypasses the library's internal concurrency safeguards and permits Symlink Poisoning attacks via race conditions.

The library uses a `PathReservations` system to ensure that metadata checks and file operations for the same path are serialized. This prevents race conditions where one entry might clobber another concurrently. This is a Race Condition which enables Arbitrary File Overwrite.

This vulnerability affects users and systems using node-tar on macOS (APFS/HFS+). Because of using `NFD` Unicode normalization (in which `ß` and `ss` are different), conflicting paths do not have their order properly preserved under filesystems that ignore Unicode normalization (e.g., APFS (in which `ß` causes an inode collision with `ss`)). This enables an attacker to circumvent internal parallelization locks (`PathReservations`) using conflicting filenames within a malicious tar archive.

The patch in version 7.5.4 updates `path-reservations.js` to use a normalization form that matches the target filesystem's behavior (e.g., `NFKD`), followed by first `toLocaleLowerCase('en')` and then `toLocaleUpperCase('en')`.

As a workaround, users who cannot upgrade promptly, and who are programmatically using `node-tar` to extract arbitrary tarball data, should filter out all `SymbolicLink` entries (as npm does) to defend against arbitrary file writes via this file system entry name collision issue.
Deeper analysis
CVE-2026-23950 is a race condition vulnerability in node-tar, a Tar implementation for Node.js, affecting versions up to and including 7.5.3. The issue stems from incomplete handling of Unicode path collisions in the library's PathReservations system, which is designed to serialize metadata checks and file operations for the same path to prevent races. On case-insensitive or normalization-insensitive filesystems such as macOS APFS or HFS+, the library fails to properly lock colliding paths: ß and ss, for example, receive distinct reservation keys under node-tar's NFD-normalized, lowercased comparison, yet APFS maps them to the same inode. The two entries are therefore processed in parallel, bypassing the concurrency safeguards, which enables symlink poisoning attacks and results in arbitrary file overwrites.
A remote attacker can exploit this vulnerability by crafting a malicious tar archive containing conflicting filenames that exploit filesystem normalization behaviors. The attacker requires a user to extract the archive (user interaction), after which the race condition permits symlink poisoning, leading to arbitrary file overwrites outside the extraction directory. The CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L) reflects network accessibility, low attack complexity, no privileges needed, changed scope, low confidentiality impact, high integrity impact, and low availability impact.
The patch in node-tar version 7.5.4 addresses the issue by updating path-reservations.js to use NFKD normalization form matching the target filesystem, followed by toLocaleLowerCase('en') and then toLocaleUpperCase('en') for consistent path handling. As a workaround, users programmatically extracting arbitrary tarballs should filter out all SymbolicLink entries, as implemented by npm, to prevent arbitrary file writes via this filename collision issue. Details are available in the GitHub security advisory (GHSA-r6q2-hw4h-h46w) and the fixing commit (3b1abfae650056edfabcbe0a0df5954d390521e6).
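As an added illustration (not node-tar's own code and not the fix commit), the JavaScript below reconstructs the reservation-key behaviour described above and in the NVD text: it shows why a pre-fix key (NFD plus lowercase) lets `ß` and `ss` proceed in parallel, while the 7.5.4-style key (NFKD, then `toLocaleLowerCase('en')`, then `toLocaleUpperCase('en')`) serializes them. The `stripTrailingSlashes` helper, the `Reservations` class and the `rejectSymlinks` callback are my simplifications of the real library's logic; the `entry.type === 'SymbolicLink'` check assumes node-tar entries expose their type under that string, the name the advisory uses.

```javascript
// Added example: a model of how a path-reservation key decides whether two
// archive entries are serialized or may race. NOT node-tar's code; the key
// functions reconstruct the behaviour the advisory describes, with node-tar's
// path joining/normalization reduced to trailing-slash stripping.

function stripTrailingSlashes(p) {
  return p.replace(/\/+$/, '');
}

// Key used before the fix (reconstruction). 'ß' has no NFD decomposition and
// lowercases to itself, so 'ß' and 'ss' get different keys even though a
// case-insensitive filesystem such as APFS treats them as the same name.
function vulnerableKey(p) {
  return stripTrailingSlashes(p).normalize('NFD').toLowerCase();
}

// Key as described for 7.5.4. The final upper-casing step is what unifies
// the pair: both 'ß' and 'ss' become 'SS'.
function fixedKey(p) {
  return stripTrailingSlashes(p)
    .normalize('NFKD')
    .toLocaleLowerCase('en')
    .toLocaleUpperCase('en');
}

// Minimal reservation table: an operation may start only if no operation with
// the same key is already in flight (the real library queues it instead).
class Reservations {
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.inFlight = new Set();
  }
  reserve(p) {
    const k = this.keyFn(p);
    if (this.inFlight.has(k)) return false; // must wait for the holder
    this.inFlight.add(k);
    return true;
  }
  release(p) {
    this.inFlight.delete(this.keyFn(p));
  }
}

// True when entry `b` is allowed to proceed while `a` is still being written,
// i.e. the key scheme fails to serialize the two paths.
function canRace(keyFn, a, b) {
  const r = new Reservations(keyFn);
  r.reserve(a);
  const raced = r.reserve(b);
  r.release(a);
  r.release(b);
  return raced;
}

// Workaround from the advisory: drop every SymbolicLink entry when extracting
// untrusted archives. Shaped like a node-tar `filter(path, entry)` callback;
// assumption: the entry's type is exposed as the string 'SymbolicLink'.
function rejectSymlinks(entryPath, entry) {
  return entry.type !== 'SymbolicLink';
}

// Constructed entry names: the advisory's ß/ss pair, plus a composed vs
// decomposed é pair that NFD alone already unifies (so it never raced).
const SAMPLE_PAIRS = [
  ['\u00df', 'ss'],            // ß vs ss: case-folding collision on APFS
  ['caf\u00e9', 'cafe\u0301'], // é vs e + combining acute: canonical equivalents
];

function report() {
  return SAMPLE_PAIRS.map(([a, b]) => ({
    a,
    b,
    racesBeforeFix: canRace(vulnerableKey, a, b),
    racesAfterFix: canRace(fixedKey, a, b),
  }));
}

console.table(report());
```

The model only reproduces the lock decision; the actual overwrite additionally requires a filesystem that folds the two names onto one inode, which the advisory reports for APFS, and a symlink entry that the parallel write then follows. That is why the `rejectSymlinks` filter closes the hole on its own even where the key scheme is still the old one.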
Details
- CWE(s)