CVE-2026-7774
tarfile.data_filter path traversal bypass allows writing outside the extraction directory
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.
| CWE | CWE-22 |
| Vendor | Python Software Foundation |
| Product | CPython |
| Published | Jun 4, 2026 |
| Last Updated | Jun 4, 2026 |
Affected Versions
Python Software Foundation / CPython: all versions from 0 up to, but not including, 3.15.0
References
- github.com: https://github.com/python/cpython/pull/149487
- github.com: https://github.com/python/cpython/issues/149486
- mail.python.org: https://mail.python.org/archives/list/[email protected]/thread/4FU62L2M6RMMHT2QPGQNPEHHUND7CEX5/
- openwall.com: http://www.openwall.com/lists/oss-security/2026/06/04/9
Credits
- Phùng Siêu Đạt (OPSWAT Unit 515)
- Seth Larson (https://github.com/sethmlarson)
- Gregory P. Smith (https://github.com/gpshead)
- Petr Viktorin (https://github.com/encukou)
- Stan Ulbrych (https://github.com/StanFromIreland)