CVE-2026-59874 - node-tar: Negative tar entry size causes infinite loop in archive replace
CVE ID :CVE-2026-59874 Published : July 8, 2026, 4:16 p.m. | 58 minutes ago Description :node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to...