PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-59871 isaacs CVE debrief

CVE-2026-59871 is a vulnerability in node-tar, a tar archive manipulation library for Node.js. Prior to version 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPath(entry.path).split('/') to throw an uncaught TypeError. This issue is fixed in version 7.5.18. The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. Developers and administrators using node-tar in their applications should be aware of this vulnerability and take steps to upgrade to version 7.5.18 or later.

Vendor
isaacs
Product
node-tar
CVSS
MEDIUM 5.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-08
Original CVE updated
2026-07-10
Advisory published
2026-07-08
Advisory updated
2026-07-10

Who should care

Developers and administrators using node-tar in their applications should be aware of this vulnerability and take steps to upgrade to version 7.5.18 or later. This involves reviewing the affected applications, understanding the potential risks, and implementing necessary mitigations to minimize potential risks. Additionally, they should review compensating controls for exposed systems while remediation is scheduled and verified, and check relevant monitoring, detection, and logs for exposed assets that need extra review.

Technical summary

The vulnerability occurs in the src/pax.ts file of node-tar, where all-digit PAX path and linkpath values are coerced to JavaScript numbers. This causes issues with downstream path handling, leading to an uncaught TypeError. The fix is included in version 7.5.18 of node-tar. The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM, indicating a moderate level of risk. However, the actual risk may vary depending on the specific use case and environment. Therefore, it is essential to carefully evaluate the vulnerability and implement appropriate mitigations to minimize potential risks.

Defensive priority

Medium-High due to potential path manipulation issues in tar archives, which could lead to security risks if not properly mitigated. Upgrade node-tar to version 7.5.18 or later and review affected applications to ensure they are not exposed to this vulnerability. Monitor for potential exploitation attempts and review compensating controls for exposed systems while remediation is scheduled and verified. Check relevant monitoring, detection, and logs for exposed assets that need extra review. Track exceptions, retest remediated assets, and close the item only after evidence is documented. Consider asset inventory and rollback/change windows as part of the remediation process. Source tracking is also recommended to ensure that all affected systems are properly identified and remediated. The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM, indicating a moderate level of risk. However, the actual risk may vary depending on the specific use case and environment. Therefore, it is essential to carefully evaluate the vulnerability and implement appropriate mitigations to minimize potential risks. The issue is fixed in version 7.5.18 of node-tar, and users should upgrade to this version or later to prevent exploitation. In addition to upgrading, users should review their applications and systems for potential exposure and implement compensating controls as needed. This may include monitoring for suspicious activity, implementing additional security measures, and ensuring that all affected systems are properly remediated. By taking these steps, users can help minimize the risk associated with this vulnerability and ensure the security of their systems and data. The vulnerability is related to the handling of tar archives in Node.js, and it is essential to understand the potential risks and implement appropriate mitigations to prevent exploitation. The CVSS score and severity of the vulnerability indicate a moderate level of risk, but the actual risk may vary depending on the specific use case and environment. Therefore, it is crucial to carefully evaluate the vulnerability and implement appropriate mitigations to minimize potential risks. The issue is fixed,

Recommended defensive actions

  • Upgrade node-tar to version 7.5.18 or later
  • Review and update affected applications
  • Monitor for potential exploitation attempts
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Consider asset inventory and rollback/change windows as part of the remediation process

Evidence notes

The CVE record was published on 2026-07-08T16:16:33.723Z and was last modified on 2026-07-10T18:01:31.563Z. The NVD entry is currently Awaiting Analysis. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The issue is fixed in version 7.5.18 of node-tar. Evidence limits suggest that further details may be required to fully understand the vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T16:16:33.723Z and has not been modified since then.