Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Archive delivered over network (AV:N), no complexity barrier (AC:L), no attacker privileges needed (PR:N), user must extract archive (UI:R), arbitrary file write gives high integrity impact (I:H), no confidentiality or availability impact.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Patool before 4.0.5 contains a path traversal vulnerability in the safe_extract() function in patoolib/programs/py_tarfile.py when running on Python before 3.12, where the is_within_directory() helper uses os.path.commonprefix() for character-level string comparison instead of path-level comparison, allowing a crafted archive member path to bypass the containment check. Attackers can supply a malicious archive with specially crafted member paths to write arbitrary files.
AnalysisAI
Path traversal in Patool's safe_extract() function allows an attacker-controlled archive to write files to arbitrary locations on the filesystem when extracted by a victim running Patool before 4.0.5 on Python before 3.12. The flaw exists because the is_within_directory() helper in patoolib/programs/py_tarfile.py uses os.path.commonprefix() for character-level string prefix matching rather than path-component-level comparison, making it trivially bypassable with crafted member paths. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires three concurrent conditions: Patool version prior to 4.0.5 must be installed; the Python runtime must be earlier than version 3.12 (Python 3.12+ patches the tarfile stdlib behavior that this vulnerability depends on); and a user must invoke Patool's safe_extract() function on an attacker-controlled archive. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 5.3 (AV:N/AC:L/AT:N/PR:N/UI:P) reflects moderate severity, but the real-world integrity impact may be understated by the VI:L assignment - successful exploitation yields arbitrary file write to any path writable by the extracting user, which in practice can enable privilege escalation, backdoor installation, or code execution if writable paths include cron directories, SSH authorized_keys, or application configuration files. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker hosts or delivers a malicious tar archive containing a member path such as '../../../home/user/.ssh/authorized_keys' with attacker-controlled content. When a victim downloads and extracts the archive using Patool (pre-4.0.5 on Python < 3.12), the is_within_directory() check passes due to the character-prefix flaw, and the attacker's SSH public key is written to the victim's authorized_keys file, granting persistent remote access. … |
| Remediation | The primary fix is to upgrade Patool to version 4.0.5, the vendor-released patch available at https://github.com/wummel/patool/releases/tag/4.0.5 and documented in https://github.com/wummel/patool/blob/main/doc/changelog.txt. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39879
GHSA-p95f-9f9h-wwvh