Critical Symlink Vulnerability in Tokio-Tar Library Enables Arbitrary Directory Permission Manipulation
A critical security flaw in the astral-tokio-tar archive library allows a maliciously crafted tar archive to modify directory permissions outside the intended extraction hierarchy. The vulnerability, catalogued as RUSTSEC-2026-0113, affects all versions through 0.6.0: the unpack_in API does not prevent symlink traversal, so a crafted archive can change the permissions of directories external to the extraction root. The exposure is specific to directory permissions (file permissions are not affected in the same way), and such changes create a potential pathway to privilege escalation or system misconfiguration. The flaw mirrors a similar vulnerability in the standard tar crate (GHSA-j4xf-2g29-59ph), suggesting a systemic issue in how Rust's tar processing libraries handle symlink resolution. Version 0.6.1 fixes this by preventing the API from modifying directories outside the archive hierarchy.
The vulnerability stems from how the unpack_in function processes tar entries containing symbolic links. When extracting an archive, the function resolves symlinks and applies permissions without verifying that the resolved target still lies within the intended extraction path. An attacker can therefore embed a symlink in a tar archive that points to an external directory, then include a second entry that sets permissions on that name; the permission change follows the symlink and lands on the external directory. The result is an attacker-controlled modification of system directory permissions without requiring write access to those directories themselves. This class of vulnerability is particularly dangerous in containerized environments or on any system where untrusted archives are regularly extracted.
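As an added illustration (not code from astral-tokio-tar or from the advisory), the containment check described above as missing, in Rust: a simplified tar-like entry model (`Entry`, `resolve_within`, `unpack_guarded` and `demo_escape` are names assumed for this example) in which a symlink entry is followed by a directory entry that tries to chmod through it, and the resolved target must stay under the canonical extraction root before any permission change is applied.

```rust
use std::{fs, io};
use std::os::unix::fs::{symlink, PermissionsExt};
use std::path::{Path, PathBuf};

/// Simplified tar-like entry model, constructed for this example (not the crate's own type).
pub enum Entry {
    Symlink { name: String, target: PathBuf }, // archive symlink `name` -> `target`
    Dir { name: String, mode: u32 },           // directory whose mode bits are to be applied
}
/// Resolve `root/name` through any symlinks and keep it only if it is still inside the
/// canonical root. Without this check a symlink entry can redirect a later chmod outside.
pub fn resolve_within(root: &Path, name: &str) -> io::Result<Option<PathBuf>> {
    let root = root.canonicalize()?;
    let resolved = root.join(name).canonicalize()?;
    Ok(if resolved.starts_with(&root) { Some(resolved) } else { None })
}
/// Apply entries in order; returns the names whose permission change was refused.
pub fn unpack_guarded(root: &Path, entries: &[Entry]) -> io::Result<Vec<String>> {
    let mut refused = Vec::new();
    for entry in entries {
        match entry {
            Entry::Symlink { name, target } => symlink(target, root.join(name))?,
            Entry::Dir { name, mode } => {
                let path = root.join(name);
                // lstat: an existing symlink must not be followed when deciding to create.
                if fs::symlink_metadata(&path).is_err() { fs::create_dir_all(&path)?; }
                match resolve_within(root, name)? {
                    Some(p) => fs::set_permissions(&p, fs::Permissions::from_mode(*mode))?,
                    None => refused.push(name.clone()),
                }
            }
        }
    }
    Ok(refused)
}
/// Constructed scenario: symlink `out` -> outside dir (0o700), then a dir entry asking 0o777 on `out`.
pub fn demo_escape() -> io::Result<(Vec<String>, u32)> {
    let base = std::env::temp_dir().join(format!("tar-guard-{}", std::process::id()));
    let (root, outside) = (base.join("extract"), base.join("outside"));
    fs::create_dir_all(&root)?;
    fs::create_dir_all(&outside)?;
    fs::set_permissions(&outside, fs::Permissions::from_mode(0o700))?;
    let entries = [
        Entry::Symlink { name: "out".into(), target: outside.clone() },
        Entry::Dir { name: "out".into(), mode: 0o777 },
    ];
    let refused = unpack_guarded(&root, &entries)?;
    let outside_mode = fs::metadata(&outside)?.permissions().mode() & 0o777; // still 0o700
    fs::remove_dir_all(&base)?;
    Ok((refused, outside_mode))
}
```

`demo_escape` returns `(["out"], 0o700)`: the chmod through the symlink is refused and the outside directory keeps its original mode.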
The security audit identified five vulnerabilities in total in the astral-tokio-tar package, with this symlink-based flaw representing the most operationally significant exposure. Another documented issue, RUSTSEC-2026-0112, involves PAX header desynchronization in the same package, further signaling underlying architectural weaknesses in the library's boundary-enforcement logic. Organizations relying on this crate for archive extraction should audit their dependency trees immediately, as upgrading to version 0.6.1 is the only mitigation currently available. The disclosure follows a pattern of tar-related vulnerabilities across Rust ecosystem crates and warrants heightened scrutiny of archive-processing code in security-sensitive deployments.