1. Kibana Security Flaw: Malicious Tar Archives Can Exploit Hardlink Validation to Write Outside Intended Directory
A newly disclosed vulnerability in Kibana's archive extraction process allows a maliciously crafted tar archive to bypass directory constraints and write files to arbitrary locations on the host filesystem. The flaw, tracked as CVE-2026-26960, resides in the `tar.extract()` function, which fails to properly validate th...