CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

CVE-2026-33056: Arbitrary Directory Permission Modification via Symlink Following in tar-rs

Amit Schendel
Senior Security Researcher

Mar 20, 2026 · 5 min read

Executive Summary (TL;DR)

A symlink following flaw in tar-rs <= 0.4.44 allows attackers to modify permissions of arbitrary directories on the host system via crafted tarballs.

The tar-rs library version 0.4.44 and earlier contains a CWE-61 UNIX Symbolic Link (Symlink) Following vulnerability in the directory extraction logic. By utilizing a crafted tar archive containing a symlink and a directory of the same name, an attacker can manipulate directory permissions on the host system.

Vulnerability Overview

The tar-rs library provides archive processing capabilities for Rust applications. Applications utilizing versions 0.4.44 and earlier are susceptible to a UNIX Symbolic Link Following vulnerability (CWE-61) within the directory unpacking module.

During extraction, the library processes directory entries and sets their metadata, including filesystem permissions. The vulnerability manifests when the library processes a directory entry that shares a name with a previously extracted symbolic link. The extraction logic fails to securely differentiate between a concrete directory and a symlink pointing to a directory.

Because the extraction engine evaluates the target of the symlink rather than the symlink itself, subsequent permission modifications are applied to the target path. This logic error allows an attacker to supply a crafted archive that maliciously alters permissions of arbitrary directories outside the intended extraction root.

Root Cause Analysis

The root cause of CVE-2026-33056 resides in the fallback logic of the unpack_dir function within the src/entry.rs file. When tar-rs extracts a directory entry, it calls std::fs::create_dir to instantiate the directory on the filesystem. If a file or symlink already exists at the target path, the Rust standard library returns an AlreadyExists error.

Upon receiving the AlreadyExists error, the tar-rs library attempts to merge the archive contents by verifying if the existing filesystem entity is a directory. The vulnerable implementation performs this verification using the std::fs::metadata function. The std::fs::metadata function inherently resolves symbolic links and returns the metadata of the ultimate target rather than the link itself.

When an attacker provides a symbolic link followed by a directory entry of the same name, the initial extraction creates the symlink. The subsequent extraction of the directory triggers the AlreadyExists error, and std::fs::metadata follows the attacker-controlled symlink. The library then applies the directory's permission bits using a chmod operation against the resolved target path, modifying host system directories.

Code Analysis

An analysis of the vulnerable src/entry.rs code reveals the exact point of failure. The implementation attempts to handle existing directories gracefully but relies on an unsafe metadata query.

// Vulnerable Code (src/entry.rs in v0.4.44)
fs::create_dir(dst).or_else(|err| {
    if err.kind() == ErrorKind::AlreadyExists {
        let prev = fs::metadata(dst);
        if prev.map(|m| m.is_dir()).unwrap_or(false) {
            return Ok(());
        }
    }
    Err(err)
})

The patch applied in version 0.4.45 mitigates this by replacing fs::metadata with fs::symlink_metadata. The symlink_metadata function returns information about the symlink itself without traversing it.

// Patched Code (src/entry.rs in v0.4.45)
fs::create_dir(dst).or_else(|err| {
    if err.kind() == ErrorKind::AlreadyExists {
        let prev = fs::symlink_metadata(dst);
        if prev.map(|m| m.is_dir()).unwrap_or(false) {
            return Ok(());
        }
    }
    Err(err)
})

Because the query now describes the symlink itself rather than its target, m.is_dir() evaluates to false when the existing entry is a symlink. The closure therefore propagates the AlreadyExists error, and no permission bits are applied to the external target.
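The following Rust program is an added example, not code from tar-rs: it reproduces the difference between the vulnerable predicate and the fixed one on a constructed scratch directory, and packages the 0.4.45 fallback as a standalone helper that refuses to merge into a symlinked path. The temporary-directory layout and the function names are assumptions made for this illustration.

```rust
use std::fs;
use std::io::{self, ErrorKind};
use std::os::unix::fs::symlink;
use std::path::Path;

// Vulnerable predicate (tar-rs <= 0.4.44): fs::metadata follows the link, so a
// symlink that points at a directory reports is_dir() == true.
fn existing_is_dir_following(dst: &Path) -> bool {
    fs::metadata(dst).map(|m| m.is_dir()).unwrap_or(false)
}

// Fixed predicate (tar-rs 0.4.45): fs::symlink_metadata describes the link itself.
fn existing_is_dir_no_follow(dst: &Path) -> bool {
    fs::symlink_metadata(dst).map(|m| m.is_dir()).unwrap_or(false)
}

// Directory creation with the 0.4.45 fallback: merge into an existing real
// directory, but refuse when a symlink already occupies the path.
fn create_dir_no_follow(dst: &Path) -> io::Result<()> {
    fs::create_dir(dst).or_else(|err| {
        if err.kind() == ErrorKind::AlreadyExists && existing_is_dir_no_follow(dst) {
            return Ok(());
        }
        Err(err)
    })
}

// Constructed scratch layout: `target` stands in for a host directory and `link` is a
// symlink to it. Returns (vulnerable check merges, fixed check merges, hardened refuses).
fn demo() -> io::Result<(bool, bool, bool)> {
    let root = std::env::temp_dir().join(format!("cve-2026-33056-demo-{}", std::process::id()));
    let _ = fs::remove_dir_all(&root);
    fs::create_dir_all(root.join("target"))?;
    let link = root.join("link");
    symlink(root.join("target"), &link)?;
    let vulnerable_merges = existing_is_dir_following(&link);
    let fixed_merges = existing_is_dir_no_follow(&link);
    let hardened_refuses = create_dir_no_follow(&link).is_err();
    fs::remove_dir_all(&root)?;
    Ok((vulnerable_merges, fixed_merges, hardened_refuses))
}

fn main() -> io::Result<()> {
    let (v, f, h) = demo()?;
    println!("fs::metadata sees a directory through the symlink: {v}");
    println!("fs::symlink_metadata sees a directory: {f}");
    println!("hardened create_dir refuses the symlinked path: {h}");
    Ok(())
}
```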

Exploitation Methodology

Exploiting this vulnerability requires the attacker to construct a specialized tar archive that dictates the sequence of file operations on the victim machine. The archive must contain at least two entries sharing the exact same path name.

The first entry must be a symbolic link pointing to the target directory the attacker wishes to modify, such as /etc/cron.d or a user's .ssh directory. The second entry must be a directory utilizing the identical name as the symlink, carrying the attacker-desired permission mode bits (e.g., 0o777).

When the application processes this archive, it creates the symlink during the first pass. During the second pass, the directory creation fails, triggering the metadata fallback. The extraction engine resolves the link, verifies the external target is a directory, and applies the mode bits from the archive header to the external directory.

Impact Assessment

The vulnerability enables an attacker to perform unauthorized modification of directory permissions across the host system, constrained only by the privileges of the process running tar-rs. The CVSS v4.0 base score is calculated at 5.1 (Medium), reflecting a localized integrity impact with no direct confidentiality or availability compromises.

An adversary cannot read or write arbitrary file contents directly via this vector. However, altering directory permissions serves as a significant secondary attack vector. Modifying a restricted directory to 0o777 grants all local users write access, potentially leading to privilege escalation if the directory hosts critical system binaries or configuration files.

The EPSS score for this vulnerability is 0.00064, placing it in the 19.75th percentile. This low predictive metric indicates that active exploitation in the wild is currently unlikely, though the availability of public proof-of-concept components warrants timely remediation.

Remediation and Hardening

Organizations must update dependencies to tar-rs version 0.4.45 or later. This upgrade addresses the core symlink resolution error within the library's extraction logic.

Beyond patching the library, developers should implement defense-in-depth strategies when processing untrusted archives. The extraction process should execute within an OS-level container or a restricted namespace to limit filesystem access. Capabilities should be dropped to ensure the process only accesses its designated extraction root.

Additionally, applications can utilize libraries like cap-std to strictly enforce capability-based directory interactions. This ensures that even if a path traversal or symlink following flaw exists within a parsing library, the underlying system calls are confined to the intended sandbox, negating the impact of vulnerabilities like CVE-2026-33056.

Official Patches

Alex Crichton: Official fix commit in tar-rs repository
GitHub: GitHub Security Advisory


Technical Appendix

CVSS Score: 5.1 / 10
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS Probability: 0.06% (top 80% most exploited)

Affected Systems

tar-rs versions 0.4.44 and earlier

Affected Versions Detail

Product: tar-rs (Alex Crichton)
Affected Versions: <= 0.4.44
Fixed Version: 0.4.45

Attribute / Detail
CWE ID: CWE-61
Attack Vector: Network
CVSS v4.0 Score: 5.1
EPSS Score: 0.00064
Exploit Status: poc
Impact: Low Integrity

MITRE ATT&CK Mapping

T1222.002 Unix File and Directory Permissions Modification (Defense Evasion)

CWE-61: UNIX Symbolic Link (Symlink) Following

The software, when accessing a file or directory via a symbolic link, does not correctly handle the resolution of the link.

Vulnerability Timeline

2026-03-19: Patch authored and committed by Alex Crichton
2026-03-20: CVE-2026-33056 published by GitHub (CNA)
2026-03-20: NVD record published
2026-03-20: GitHub Advisory (GHSA-j4xf-2g29-59ph) published

References & Sources

  • [1] GHSA-j4xf-2g29-59ph Advisory
  • [2] tar-rs Commit 17b1fd84e632071cb8eef9d3709bf347bd266446
  • [3] NVD CVE-2026-33056
  • [4] CVE.org Record for CVE-2026-33056

Attack Flow Diagram

