
Astral security patch release for CVE-2025-62518

Security Patch Release
Happening score: 15
2 unique sources, 2 articles

Summary


Astral released astral-tokio-tar 0.5.6 to fix a boundary parsing flaw in TAR processing that could enable file overwriting and remote code execution. The update addresses CVE-2025-62518 and gives users of tokio-tar a migration path because the upstream library has no patch. The vulnerability affects archive handling with PAX/ustar headers and can be abused to smuggle nested TAR entries.

Related Happenings

NGINX rewrite-rule workaround for CVE-2026-42945

Advisory/Mitigation
First: 14.05.2026 18:43 Last: 14.05.2026 18:43 Sources 1

About this happening: **F5** issued a **workaround** for vulnerable **NGINX rewrite rules**, reducing exposure to **CVE-2026-42945** for operators who cannot upgrade immediately. The guidance replaces...

Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)

Security Patch Release
First: 11.05.2026 17:30 Last: 11.05.2026 17:30 Sources 1

About this happening: **Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...

cPanel security patch release for CVE-2026-29201

Security Patch Release
First: 09.05.2026 10:16 Last: 09.05.2026 10:16 Sources 1

About this happening: **cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...

Linux kernel security update for Copy Fail (CVE-2026-31431)

Security Patch Release
First: 30.04.2026 16:54 Last: 30.04.2026 16:54 Sources 1

About this happening: **Linux kernel** maintainers have fixed **CVE-2026-31431** and are rolling out updates to close a **local privilege escalation** flaw that lets an unprivileged attacker gain **roo...

cPanel security patch release for CVE-2026-41940

Security Patch Release
First: 29.04.2026 12:37 Last: 29.04.2026 12:37 Sources 1

About this happening: **cPanel** released **security updates** for **cPanel and WHM** after an **authentication bypass** flaw could let remote attackers reach control-panel access, with fixes now cover...

Latest development: 04.05.2026 22:14

CVE-2026-41940 in cPanel, WebHost Manager (WHM), and WP Squared was rapidly exploited after public disclosure, with Censys reporting attacks from multiple threat actors within 24 hours and about 15,000 potentially compromised instances in the first day. KnownHost said about 30 managed cPanel servers showed attempted exploitation, WatchTowr Labs published a PoC exploit and technical analysis, and Defused said much of the observed activity copied WatchTowr's PoC exactly.

Timeline

  1. 22.10.2025 10:05 1 article · 7mo ago

    TARmageddon disclosed in async-tar and tokio-tar

    Initial Disclosure

    Researchers disclosed CVE-2025-62518, a high-severity parsing flaw in async-tar and forks including tokio-tar that can smuggle nested TAR entries through inconsistent PAX/ustar header handling and create downstream file-overwriting and remote code execution risk for TAR-processing projects.

  2. 22.10.2025 10:05 3 articles · 7mo ago

    astral-tokio-tar 0.5.6 released to fix TARmageddon

    Mitigation Patch Update

    Astral released astral-tokio-tar 0.5.6 to remediate the boundary parsing vulnerability and provide a migration path for users relying on tokio-tar, which has no patch available, reducing exposure to archive-entry smuggling and file-overwriting attacks.
