Skip to main content

Red Hat CVE-2026-3219

| EUVDEUVD-2026-23866 MEDIUM
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-04-20 PSF GHSA-58qw-9mgm-455v
4.6
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
4.6 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
3.3 LOW
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Red Hat
5.0 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

5
Analysis Generated
Apr 20, 2026 - 17:53 vuln.today
EUVD ID Assigned
Apr 20, 2026 - 15:15 euvd
EUVD-2026-23866
Analysis Generated
Apr 20, 2026 - 15:15 vuln.today
Patch released
Apr 20, 2026 - 15:15 nvd
Patch available
CVE Published
Apr 20, 2026 - 14:55 nvd
MEDIUM 4.6

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 pypi packages depend on pip (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 26.1.

DescriptionCVE.org

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.

AnalysisAI

pip before version 26.1 incorrectly treats concatenated tar and ZIP archives as ZIP files regardless of filename, potentially installing unintended package contents when ambiguous archive formats are processed. Local attackers with user interaction can exploit this during package installation to cause integrity confusion, where an archive's actual contents diverge from its declared format. The vulnerability requires local access and user interaction (downloading/installing a crafted archive), limiting real-world impact to supply-chain scenarios or direct social engineering of pip users.

Technical ContextAI

The vulnerability resides in pip's archive format detection logic (CWE-434: Unrestricted Upload of File with Dangerous Type). When processing Python package archives, pip determines whether to extract contents using ZIP or tar handlers. The defect occurs when a single file is simultaneously valid as both a tar and ZIP archive (a concatenated or polyglot file), causing pip to default to ZIP extraction. Since ZIP and tar formats use different compression headers and directory structures, a crafted polyglot file could contain different payloads interpretable by each format. Affected versions include all pip releases before 26.1. The CPE cpe:2.3:a:python_packaging_authority:pip:*:*:*:*:*:*:*:* covers all pip versions; the EUVD advisory confirms pip versions 0 through 26.0 are vulnerable. The root cause is insufficient validation of archive format uniqueness before format-specific extraction proceeds.

RemediationAI

Upgrade pip to version 26.1 or later to obtain the vendor-released patch that restricts installation to archives uniquely identifiable as either ZIP or tar format, rejecting polyglot files. Use the command pip install --upgrade pip to apply the fix. For organizations unable to immediately update, implement compensating controls: enforce package source whitelist restrictions to only trusted PyPI mirrors or private indexes with upload validation, configure pip to verify package signatures using PEP 480 metadata or GPG if available, restrict pip's use to non-privileged user accounts to limit damage from malicious extraction, and audit package downloads via network monitoring to detect suspicious archive formats. The patch is available via GitHub PR #13870 (https://github.com/pypa/pip/pull/13870) and referenced in the PSF security announcement (https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ/). Note that signature verification (if implemented) would not prevent extraction of unintended contents; package source restriction is the primary control.

Vendor StatusVendor

SUSE

Severity: Low
Product Status
SLES15-SP5-CHOST-BYOS-SAP-CCloud Fixed
SLES15-SP6-CHOST-BYOS Fixed
SLES15-SP6-CHOST-BYOS-Aliyun Fixed
SLES15-SP6-CHOST-BYOS-Azure Fixed
SLES15-SP6-CHOST-BYOS-EC2 Fixed

Share

CVE-2026-3219 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy