Skip to main content

rattler_cache CVE-2026-53956

MEDIUM
Path Traversal (CWE-22)
2026-07-09 https://github.com/conda/rattler GHSA-h672-p7h7-97v9
5.4
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
vuln.today AI
5.4 MEDIUM

Network vector fits malicious channel delivery; PR:N for the attacker (channel operator); UI:R because victim must actively install from the untrusted channel; no confidentiality impact described.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jul 09, 2026 - 23:52 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 3 pypi packages depend on py-rattler (3 direct, 0 indirect)

Ecosystem-wide dependent count for version 0.24.0.

DescriptionGitHub Advisory

rattler_cache and py-rattler were vulnerable to package-cache path traversal when handling package metadata from conda channels.

During cache materialization, the ratter_cache code used the package record build string as part of a cache key that was joined into a filesystem path. A malicious or untrusted channel could publish repodata with path separators or traversal components in that field, causing package contents to be written outside the configured package cache directory.

The issue requires use of a malicious or otherwise untrusted conda channel. Curated channels that validate package metadata are not expected to allow malformed build strings of this form.

Users should upgrade to a patched version and avoid untrusted conda channels.

AnalysisAI

Path traversal in rattler_cache and py-rattler exposes the victim's filesystem to out-of-bounds file writes when package metadata from an untrusted conda channel contains path separators or directory traversal sequences in the build string. Users who install packages from a malicious channel trigger cache materialization logic that joins the unsanitized build string into a filesystem path, allowing package contents to land outside the configured cache directory. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Publish crafted repodata on malicious channel
Delivery
Embed path traversal in package build string
Exploit
Social-engineer victim to add untrusted channel
Execution
Victim installs package triggering cache write
Persist
rattler_cache materializes files to attacker-controlled path
Impact
Attacker-chosen files written outside cache root

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to explicitly add and use a malicious or untrusted conda channel that contains package metadata with path traversal sequences (e.g., '../', directory separators) embedded in the build field of a package record. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 5.4 Medium score (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) accurately reflects a moderate-risk, conditionally exploitable flaw. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker operates a malicious conda channel and crafts repodata JSON containing a package record whose build field includes path traversal sequences such as '../../sensitive_dir'. A user who adds this channel to their conda or pixi configuration and installs the crafted package causes rattler_cache to join the traversal string into the cache path, writing package contents to an attacker-chosen directory outside the cache root - potentially overwriting application configs, scripts, or other user-writable files. …
Remediation Upgrade rattler_cache and py-rattler to the patched version as documented in the GitHub Security Advisory GHSA-h672-p7h7-97v9 (https://github.com/conda/rattler/security/advisories/GHSA-h672-p7h7-97v9). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53956 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy