CVE-2026-33055: tar-rs incorrectly ignores PAX size headers if header size is nonzero

Overview

Severity

N/A

Exploit Status

Not Exploited

Patch Tuesday

2026-Mar

Released

2026-03-25

EPSS Score

0.01% (percentile: 1.2%)

Affected Products (9)

Other

• 20393-17086
• 20394-17086
• 20878-17086
• 20955-17084
• 20978-17084

Open Source Software

• azl3 kata-containers-cc 3.15.0.aks0-7 on Azure Linux 3.0
• azl3 rust 1.75.0-25 on Azure Linux 3.0
• cbl2 rust 1.72.0-14 on CBL Mariner 2.0
• azl3 rust 1.90.0-4 on Azure Linux 3.0

Revision History

• 2026-03-25: Information published.