6.9

CVE-2026-7774

tarfile.data_filter path traversal bypass allows writing outside the extraction directory

tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerPython Software Foundation
Produkt CPython
Default Statusunaffected
Version 0
Version < 3.13.14
Status affected
Version 3.14.0
Version < 3.14.6
Status affected
Version 3.15.0a1
Version < 3.15.0b2
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.62% 0.455
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cna@python.org 6.9 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://github.com/python/cpython/pull/149487
https://github.com/python/cpython/issues/149486
http://www.openwall.com/lists/oss-security/2026/06/04/9
https://github.com/python/cpython/commit/0478bd83d82b255e0f29f613367a59d261e7eaa2
https://github.com/python/cpython/commit/0d28f5e46e151718972dfabd91205444d0037b6d
https://github.com/python/cpython/commit/578411982c16f753f4893532510099ef665117da
https://github.com/python/cpython/commit/5cf47a248c35c375d610b87b2f72fd1ed454b558
https://github.com/python/cpython/commit/74cca9a92fb7d653e404843a56b8bdc7b0afdbbf
https://github.com/python/cpython/commit/10a13bee3c24f9c62b602e696334ff2272a40efc
https://github.com/python/cpython/commit/c063191cb7f9170f9565e305f8aa2b79ab2bf609
https://mail.python.org/archives/list/security-announce@python.org/thread/4FU62L2M6RMMHT2QPGQNPEHHUND7CEX5/