A vulnerability was found in alexcrichton tar-rs up to 0.4.44 on Rust. It has been rated as critical . The affected element is the function fs::metadata of the component Tarball Handler . The manipulation leads to symlink following. This vulnerability is referenced as CVE-2026-33056 . Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.