HomeCVE Intelligence › CVE-2026-50163
CVSS 7.1 HIGH Vulnerability

CVE-2026-50163: `oras-go` tar extraction: Hardlink entry with relative Linkname escapes extract dir via p…

Root cause The tar-extraction helper ensureLinkPath at [content/file/utils.go:262-275](https://github.com/oras-project/oras-go/blob/main/content/file/utils.go#L262-L275) validates that a hardlink's target resolves insid…

7.1CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-50163
Vendorgo
Affected Productoras.land/oras-go/v2
Vulnerability TypeVulnerability
CVSS Score7.1 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

#

Root cause The tar-extraction helper ensureLinkPath at [content/file/utils.go:262-275](https://github.com/oras-project/oras-go/blob/main/content/file/utils.go#L262-L275) validates that a hardlink's target resolves inside the extract base, but then returns the original unresolved target string back to the caller: ``go

func ensureLinkPath(baseAbs, baseRel, link, target string) (string, error) { path := target if !filepath.IsAbs(target) { path = filepath.Join(filepath.Dir(link), target) // resolved FOR VALIDATION } if _, err := resolveRelToBase(baseAbs, baseRel, path); err != nil { return "", err } return target, nil // oldpath and newpath are interpreted relative to the current working directory of the calling process. So when target (i.e., header.Linkname`) is a relative p

🎯 Known Indicators of Compromise

{"type":"url","value":"https://github.com/oras-project/oras-go/blob/main/content/file/utils.go#L262-L275)","confidence_score":0.82,"first_seen":"2026-07-01","source_count":1}

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-50163 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence