CVE-2026-40931: Complete Bypass of CVE-2026-24884 Patch via Git-Delivered Symlink Poisoning in compressing
1. Executive Summary
This report documents a critical security research finding in the compressing npm package (specifically tested on the latest v2.1.0). The core vulnerability is a Partial Fix Bypass of CVE-2026-24884.
The current patch relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string starts with the destination directory string but fails to account for the actual filesystem state. By exploiting this “Logical vs. Physical” divergence, we successfully bypassed the security check using a Directory Poisoning technique (pre-existing symbolic links).
Key Findings:
- Vulnerable Component: lib/utils.js -> isPathWithinParent()
- Flaw Type: Incomplete validation (no per-segment lstat checks on the destination path).
- Primary Attack Vector: Supply chain via git clone. The attack requires no victim interaction beyond a standard developer workflow (git clone + node app.js). Git natively preserves symlinks during clone, so the malicious symlink is deployed to the victim's machine without any additional attacker access.
- Result: Arbitrary file writes outside the intended extraction root on the latest library version.
2. Deep-Dive: Technical Root Cause Analysis
The vulnerability exists because of a fundamental disconnect between how the library validates a path and how the operating system executes a write to that path.
1. Logical Abstraction (The “String” World)
The developer uses path.resolve(childPath) to sanitize input. In Node.js, path.resolve is a pure string manipulator: it computes an absolute path by collapsing . and .. segments.
The Limitation: path.resolve does NOT look at the disk. It does not know whether a folder named config is a real directory or a symbolic link.
The Result: If the extraction target is /app/out and the entry is config/passwd, path.resolve returns /app/out/config/passwd. Since this string starts with /app/out/, the security check returns TRUE.
2. Physical Reality (The “Filesystem” World)
When the library proceeds to write the file with fs.writeFile('/app/out/config/passwd', data), execution is handed to the operating system's filesystem layer.
The Redirection: If the attacker has pre-created a symbolic link on disk at /app/out/config pointing to /etc, the kernel follows the link when servicing the write.
The Divergence: The OS resolves the path to /etc/passwd. The “security guard” (the library) believed it was writing to a local config folder, while the “executioner” (the OS) followed the link into a sensitive system area.
3. Visual Logic Flow
4. Comparison with Industry Standards (node-tar)
A secure implementation such as node-tar does not trust the string path alone. It iterates through every directory segment of the destination and calls fs.lstatSync() on each one. If any segment is a symbolic link, extraction of that entry is halted before any write is attempted. compressing lacks this per-segment verification step.
5. Git Clone as a Delivery Mechanism
Git treats symlinks as first-class objects and restores them faithfully during clone (on platforms where core.symlinks is enabled, which is the default on Linux and macOS). An attacker-controlled repository therefore becomes a reliable delivery mechanism: the symlink is “pre-planted” automatically by git itself, removing any prerequisite of prior system access.
3. Comprehensive Attack Vector & Proof of Concept
PoC Overview: The Git Clone Vector
This exploit leverages the fact that Git natively preserves symbolic links. By cloning a malicious repository, a victim unknowingly plants a “poisoned path” on their local disk.
Why this is critical:
- No social engineering required beyond a standard git clone.
- The symlink is “pre-planted” by Git itself, removing the need for prior system access.
- The victim’s workflow remains indistinguishable from legitimate activity.
Step 1: Environment Preparation (Victim System)
TIP Prerequisite: Ensure you have Node.js and npm installed on your Kali Linux system. If you encounter a MODULE_NOT_FOUND error for tar-stream or compressing, run `npm install compressing@2.1.0 tar-stream` in your current working directory.
Create a mock sensitive file to demonstrate the overwrite without damaging the actual OS.