๐Ÿ” CVE Alert

CVE-2026-11972

UNKNOWN 0.0

tarfile opened in streaming mode mishandles EOF

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

When a file was opened with the "tarfile" module in "streaming mode" (mode="r|"), the module did not properly handle EOF, so parsing an archive could enter an infinite loop.

CWE: CWE-252, CWE-606, CWE-770
Vendor: python software foundation
Product: cpython
Published: Jun 23, 2026

Affected Versions

Python Software Foundation / CPython
0 < 3.16.0

References

github.com: https://github.com/python/cpython/issues/151981
github.com: https://github.com/python/cpython/pull/151982
mail.python.org: https://mail.python.org/archives/list/[email protected]/thread/AXPSKKTSRKXTTJULW3XSIC74WZNAAPPB/

Credits

๐Ÿ” Ryan Hileman (https://github.com/lunixbochs) Petr Viktorin (https://github.com/encukou) Stan Ulbrych (https://github.com/StanFromIreland)