rattler_cache CVE-2026-53956
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Network vector fits malicious channel delivery; PR:N for the attacker (channel operator); UI:R because victim must actively install from the untrusted channel; no confidentiality impact described.
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Lifecycle Timeline
1Blast Radius
ecosystem impact- 3 pypi packages depend on py-rattler (3 direct, 0 indirect)
Ecosystem-wide dependent count for version 0.24.0.
DescriptionGitHub Advisory
rattler_cache and py-rattler were vulnerable to package-cache path traversal when handling package metadata from conda channels.
During cache materialization, the ratter_cache code used the package record build string as part of a cache key that was joined into a filesystem path. A malicious or untrusted channel could publish repodata with path separators or traversal components in that field, causing package contents to be written outside the configured package cache directory.
The issue requires use of a malicious or otherwise untrusted conda channel. Curated channels that validate package metadata are not expected to allow malformed build strings of this form.
Users should upgrade to a patched version and avoid untrusted conda channels.
AnalysisAI
Path traversal in rattler_cache and py-rattler exposes the victim's filesystem to out-of-bounds file writes when package metadata from an untrusted conda channel contains path separators or directory traversal sequences in the build string. Users who install packages from a malicious channel trigger cache materialization logic that joins the unsanitized build string into a filesystem path, allowing package contents to land outside the configured cache directory. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to explicitly add and use a malicious or untrusted conda channel that contains package metadata with path traversal sequences (e.g., '../', directory separators) embedded in the build field of a package record. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 5.4 Medium score (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) accurately reflects a moderate-risk, conditionally exploitable flaw. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker operates a malicious conda channel and crafts repodata JSON containing a package record whose build field includes path traversal sequences such as '../../sensitive_dir'. A user who adds this channel to their conda or pixi configuration and installs the crafted package causes rattler_cache to join the traversal string into the cache path, writing package contents to an attacker-chosen directory outside the cache root - potentially overwriting application configs, scripts, or other user-writable files. … |
| Remediation | Upgrade rattler_cache and py-rattler to the patched version as documented in the GitHub Security Advisory GHSA-h672-p7h7-97v9 (https://github.com/conda/rattler/security/advisories/GHSA-h672-p7h7-97v9). … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-h672-p7h7-97v9