Listen to this Post
The vulnerability in vlt (before version 1.0.0-rc.10) stems from insufficient sanitization of file paths within tar archive entries during the extraction process. When vlt extracts a tar file, it fails to properly validate and neutralize pathnames containing directory traversal sequences (e.g., ../../../../etc/passwd). An attacker can craft a malicious tar archive where a file entry’s name contains these sequences. During extraction, the software concatenates this unsanitized entry name to the target destination directory without resolving the `..` components to prevent escape. Consequently, the file is written to an arbitrary location outside the intended extraction directory, determined by the number of parent directory traversals in the path. This allows for arbitrary file overwrite on the host filesystem, potentially leading to remote code execution if critical system or application files are replaced.
Platform: vlt
Version: <1.0.0-rc.10
Vulnerability: Path Traversal
Severity: Moderate
date: Jan 28 2026
Prediction: Feb 04 2026
What Undercode Say:
Analytics
Identify vlt version vlt --version Simulate vulnerable extraction tar -tf malicious.tar Output: ../../../../tmp/exploit.sh Check for patch in source grep -r "sanitizePath|secureExtract" src/
How Exploit:
1. Attacker creates tar archive with malicious path.
2. User executes `vlt` to extract the archive.
- Payload is written to system location (e.g., /etc/cron.d).
4. Payload execution leads to compromise.
Protection from this CVE
- Upgrade to vlt >=1.0.0-rc.10.
- Extract archives in isolated containers.
- Pre-extract path audit using
tar -tf.
Impact:
Arbitrary File Overwrite
Potential RCE
Integrity Loss
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

