Skip to main content

CPython tarfile CVE-2026-11940

| EUVDEUVD-2026-38490 HIGH
Path Traversal (CWE-22)
2026-06-23 PSF GHSA-9mc4-rqmq-h467
7.8
CVSS 4.0 · Vendor: PSF
Share

Severity by source

Vendor (PSF) PRIMARY
7.8 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.2 HIGH

Requires a victim app to extract an attacker-supplied archive (UI:R, AV:L for archive-as-input); scope changes to filesystem outside dest (S:C) enabling arbitrary read/write.

3.1 AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
SUSE
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (PSF).

CVSS VectorVendor: PSF

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 23, 2026 - 17:01 vuln.today
Analysis Generated
Jun 23, 2026 - 17:01 vuln.today

DescriptionCVE.org

tarfile.extractall() with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower path, letting a relative target the filter judged contained escape the destination directory. This allowed a malicious tar archive to create a symlink pointing outside the destination, enabling out-of-destination file reads or writes. This was an incomplete fix of CVE-2025-4330.

AnalysisAI

Path traversal in CPython's tarfile module allows a crafted tar archive to bypass the 'data' and 'tar' extraction filters and create a symlink pointing outside the destination directory, enabling out-of-destination file reads or writes when extractall() is later used or the resulting symlink is followed. The flaw is an incomplete fix of CVE-2025-4330: a hardlink referencing a symlink stored at a deeper path than the hardlink itself causes the fallback to validate the symlink at its archived (deep) location but recreate it at the hardlink's shallower path, making a previously 'contained' relative target escape the extraction root. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft tar with deep symlink and shallow hardlink
Delivery
Deliver archive to victim service
Exploit
Victim calls extractall with 'data' filter
Execution
Fallback recreates symlink at shallow path
Persist
Symlink escapes destination directory
Impact
Subsequent file op reads or writes outside dest

Vulnerability AssessmentAI

Exploitation Exploitation requires a victim Python application to call tarfile.extractall() (or the equivalent TarFile.extract loop) with filter='data' or filter='tar' on an attacker-supplied archive, and the host must support symlink creation for the malicious link to materialize (the test skips when os_helper.can_symlink() is false). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed and worth disentangling. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker uploads a crafted .tar.gz to a service that later calls tarfile.extractall(path=dest, filter='data') - for example a CI artifact processor, plugin installer, or ML model importer. The archive contains a symlink at a/b/s -> ../escape and a hardlink at s pointing to a/b/s; after extraction, s becomes a symlink to ../escape that resolves outside dest, so any subsequent open() or write() through that path reads or overwrites files outside the intended directory. …
Remediation Upstream fix available (PR/commit); released patched version not independently confirmed - apply the CPython update that incorporates pull request https://github.com/python/cpython/pull/151559 as soon as your distribution publishes it, and consult the PSF advisory at https://mail.python.org/archives/list/security-announce@python.org/thread/LD6QIISNQFQYOIEPJNEUIPV7S3V76FZH/ for the exact patched minor versions. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running CPython and using tarfile for archive extraction, particularly those processing archives from external or untrusted sources. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-6100 CRITICAL
9.1 Apr 13

CPython decompression modules (lzma, bz2, gzip) allow memory corruption via use-after-free when decompressor instances a

CVE-2026-11972 HIGH
8.2 Jun 23

Denial of service in CPython's tarfile module allows remote attackers to trigger an infinite loop by supplying a crafted

CVE-2026-9669 HIGH
8.2 Jun 08

Stack-based buffer overflow in CPython's bz2.BZ2Decompressor allows remote attackers to crash Python applications by sen

CVE-2026-4786 HIGH
7.0 Apr 13

Command injection in CPython's webbrowser.open() API bypasses previous CVE-2026-4519 mitigation via specially crafted UR

CVE-2026-4519 HIGH
7.0 Mar 20

The webbrowser.open() API in CPython accepts URLs with leading dashes, which certain web browsers interpret as command-l

CVE-2026-7774 MEDIUM
6.9 Jun 04

Path traversal in CPython's tarfile module allows malicious tar archives to bypass the data_filter safety mechanism and

CVE-2026-7210 MEDIUM
6.3 May 11

XML parsers in CPython's xml.parsers.expat and xml.etree.ElementTree modules use insufficient entropy for Expat hash-flo

CVE-2026-3276 MEDIUM
6.3 Jun 03

Denial-of-service via quadratic algorithmic complexity in CPython's unicodedata.normalize() affects all CPython versions

CVE-2026-8328 MEDIUM
5.9 May 13

Server-Side Request Forgery in CPython's ftplib module allows a malicious FTP source server to redirect a target FTP ser

CVE-2026-12003 MEDIUM
5.3 Jun 16

Privilege escalation in CPython on Windows enables a low-privileged local user to hijack the module search path of a mor

CVE-2026-0864 MEDIUM
4.1 Jun 23

Config file injection in CPython's configparser module allows an attacker who controls multi-line values written via con

CVE-2026-6019 LOW
2.1 Apr 22

CPython's http.cookies.Morsel.js_output() method generates inline script snippets that fail to neutralize the HTML parse

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
SLES15-SP5-CHOST-BYOS-SAP-CCloud Affected
SLES15-SP5-CHOST-BYOS-SAP-CCloud Affected
SLES15-SP6-CHOST-BYOS Affected
SLES15-SP6-CHOST-BYOS-Aliyun Affected
SLES15-SP6-CHOST-BYOS-Azure Affected

Share

CVE-2026-11940 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy