Skip to main content

pyzipper CVE-2026-44722

MEDIUM
Use of Incorrect Operator (CWE-480)
2026-05-14 https://github.com/danifus/pyzipper GHSA-crqm-m339-7m2p
6.2
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.2 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Source Code Evidence Fetched
May 14, 2026 - 17:04 vuln.today
Analysis Generated
May 14, 2026 - 17:04 vuln.today
CVE Published
May 14, 2026 - 16:17 nvd
MEDIUM 6.2

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 75 pypi packages depend on pyzipper (66 direct, 9 indirect)

Ecosystem-wide dependent count for version 0.4.0.

DescriptionGitHub Advisory

Impact

A Python operator precedence bug in pyzipper/zipfile_aes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the caller. AE-1 stores the plaintext CRC32 checksum unencrypted in the ZIP header. During investigation of this issue, it was also found that when writing to an unseekable zip archive, the CRC32 value was always written to the datadescripter section.

The AES encryption itself is not broken. An attacker who possesses the archive can read the CRC32 from the header without decrypting anything, then brute-force candidate plaintexts by computing CRC32(candidate) and comparing against the stored value. In practice, this attack is feasible today only against small or low-entropy files, as CRC32 exhaustion across a large plaintext space is computationally prohibitive on current hardware. Files with high-entropy or large content are not practically at risk under current computing constraints. Without this bug, pyzipper would have removed the CRC32 value for any file with content of less than 20 bytes uncompressed.

Patches

Upgrade to pyzipper 0.4.0 that changes the default behaviour of pyzipper to always use the AE-2 format and exclude the CRC32 values, unless instructed to do otherwise.

If rewriting the zip archive to remove the CRC values for small files, the entire zip archive should be recreated to avoid the original local file header with the CRC included remaining in the zip file in a detached state.

Credit

Thanks to Lucas Lavarello from Kulkan Security for identifying this issue.

References

https://www.winzip.com/en/support/aes-encryption/#CRC https://www.winzip.com/en/support/aes-encryption/#crc-faq

AnalysisAI

pyzipper before version 0.4.0 fails to use AE-2 encryption format due to an operator precedence bug, causing CRC32 checksums to be stored unencrypted in ZIP headers. Attackers with access to encrypted archives can extract plaintext CRC32 values and conduct brute-force attacks on small or low-entropy files to recover their content without decrypting the AES encryption itself. Large or high-entropy files remain practically safe under current computational constraints, but the vulnerability represents a cryptographic bypass for files under approximately 20 bytes.

Technical ContextAI

pyzipper is a Python library that extends the standard zipfile module to add AES encryption support for ZIP archives. The vulnerability stems from a Python operator precedence bug in pyzipper/zipfile_aes.py that prevents automatic selection of the AE-2 encryption format. AE-1 format stores plaintext CRC32 checksums in unencrypted ZIP local file headers, while AE-2 excludes these checksums entirely. The bug forces all encrypted entries into AE-1 format unless explicitly overridden. CRC32 is a 32-bit cyclic redundancy check with approximately 4.3 billion possible values-exhaustible through brute-force when plaintext space is small. The vulnerability affects the pkg:pip/pyzipper package on PyPI. The root cause is classified as CWE-480 (Use of Incorrect Operator).

RemediationAI

Upgrade pyzipper to version 0.4.0 or later, which changes the default encryption format to AE-2 and excludes CRC32 values from headers. For archives created with vulnerable versions containing sensitive small files or low-entropy content, re-encrypt the entire archive by extracting and re-zipping with the patched version 0.4.0 to ensure CRC32 values are removed from local file headers. Do not attempt in-place modification, as orphaned headers with CRC values may persist in the archive. Developers should audit application code to confirm pyzipper version and review any ZIP archives created with versions prior to 0.4.0 for exposure to small or low-entropy encrypted files. If immediate upgrade is not possible, explicitly force AE-2 format in pyzipper API calls until the library can be updated. For archived data at rest, prioritize re-encryption of archives containing short-form data (passwords, keys, metadata) over bulk archives of large files.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Share

CVE-2026-44722 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy