pyzipper CVE-2026-44722
MEDIUMSeverity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3Blast Radius
ecosystem impact- 75 pypi packages depend on pyzipper (66 direct, 9 indirect)
Ecosystem-wide dependent count for version 0.4.0.
DescriptionGitHub Advisory
Impact
A Python operator precedence bug in pyzipper/zipfile_aes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the caller. AE-1 stores the plaintext CRC32 checksum unencrypted in the ZIP header. During investigation of this issue, it was also found that when writing to an unseekable zip archive, the CRC32 value was always written to the datadescripter section.
The AES encryption itself is not broken. An attacker who possesses the archive can read the CRC32 from the header without decrypting anything, then brute-force candidate plaintexts by computing CRC32(candidate) and comparing against the stored value. In practice, this attack is feasible today only against small or low-entropy files, as CRC32 exhaustion across a large plaintext space is computationally prohibitive on current hardware. Files with high-entropy or large content are not practically at risk under current computing constraints. Without this bug, pyzipper would have removed the CRC32 value for any file with content of less than 20 bytes uncompressed.
Patches
Upgrade to pyzipper 0.4.0 that changes the default behaviour of pyzipper to always use the AE-2 format and exclude the CRC32 values, unless instructed to do otherwise.
If rewriting the zip archive to remove the CRC values for small files, the entire zip archive should be recreated to avoid the original local file header with the CRC included remaining in the zip file in a detached state.
Credit
Thanks to Lucas Lavarello from Kulkan Security for identifying this issue.
References
https://www.winzip.com/en/support/aes-encryption/#CRC https://www.winzip.com/en/support/aes-encryption/#crc-faq
AnalysisAI
pyzipper before version 0.4.0 fails to use AE-2 encryption format due to an operator precedence bug, causing CRC32 checksums to be stored unencrypted in ZIP headers. Attackers with access to encrypted archives can extract plaintext CRC32 values and conduct brute-force attacks on small or low-entropy files to recover their content without decrypting the AES encryption itself. Large or high-entropy files remain practically safe under current computational constraints, but the vulnerability represents a cryptographic bypass for files under approximately 20 bytes.
Technical ContextAI
pyzipper is a Python library that extends the standard zipfile module to add AES encryption support for ZIP archives. The vulnerability stems from a Python operator precedence bug in pyzipper/zipfile_aes.py that prevents automatic selection of the AE-2 encryption format. AE-1 format stores plaintext CRC32 checksums in unencrypted ZIP local file headers, while AE-2 excludes these checksums entirely. The bug forces all encrypted entries into AE-1 format unless explicitly overridden. CRC32 is a 32-bit cyclic redundancy check with approximately 4.3 billion possible values-exhaustible through brute-force when plaintext space is small. The vulnerability affects the pkg:pip/pyzipper package on PyPI. The root cause is classified as CWE-480 (Use of Incorrect Operator).
RemediationAI
Upgrade pyzipper to version 0.4.0 or later, which changes the default encryption format to AE-2 and excludes CRC32 values from headers. For archives created with vulnerable versions containing sensitive small files or low-entropy content, re-encrypt the entire archive by extracting and re-zipping with the patched version 0.4.0 to ensure CRC32 values are removed from local file headers. Do not attempt in-place modification, as orphaned headers with CRC values may persist in the archive. Developers should audit application code to confirm pyzipper version and review any ZIP archives created with versions prior to 0.4.0 for exposure to small or low-entropy encrypted files. If immediate upgrade is not possible, explicitly force AE-2 format in pyzipper API calls until the library can be updated. For archived data at rest, prioritize re-encryption of archives containing short-form data (passwords, keys, metadata) over bulk archives of large files.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same weakness CWE-480 – Use of Incorrect Operator
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-crqm-m339-7m2p