Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attacker supplies only a crafted tar file (PR:N); AC:H reflects the specific preconditions (filter='data' in use, hardlinks present); impact limited to low-integrity uid/gid misassignment (I:L).
Primary rating from Vendor (PSF).
CVSS VectorVendor: PSF
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract() function.
AnalysisAI
CPython's tarfile.extract() silently bypasses the 'filter' parameter when processing hardlinks within tar archives, writing files with attacker-controlled uid/gid values despite the caller specifying filter='data' for security. Systems that extract content from untrusted tar archives while relying on this filter mechanism for ownership hardening are left with unexpected file ownership on extracted hardlinks. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires all of the following: (1) the target system runs an affected CPython version that implements the tarfile filter API (inferred to be Python 3.12.x or later); (2) application code calls tarfile.extract() or tarfile.extractall() with filter='data' explicitly, relying on this parameter for security hardening; (3) the tar archive being extracted originates from an untrusted source controlled by the attacker; (4) the archive contains at least one hardlink member with crafted uid/gid values; and (5) user interaction or operator action triggers the extraction (UI:P). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N) and score of 2.0 collectively signal very low real-world risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a tar archive that contains one or more hardlinks with maliciously chosen uid/gid values and delivers it to a target system - via a file download, API upload, or artifact pipeline. A privileged process on that system calls tarfile.extract() with filter='data', expecting the filter to normalize file ownership to safe values. … |
| Remediation | Apply the upstream fix available in GitHub pull request https://github.com/python/cpython/pull/151988, reported and tracked in issue https://github.com/python/cpython/issues/151987. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
CPython decompression modules (lzma, bz2, gzip) allow memory corruption via use-after-free when decompressor instances a
Denial of service in CPython's tarfile module allows remote attackers to trigger an infinite loop by supplying a crafted
Stack-based buffer overflow in CPython's bz2.BZ2Decompressor allows remote attackers to crash Python applications by sen
Path traversal in CPython's tarfile module allows a crafted tar archive to bypass the 'data' and 'tar' extraction filter
Command injection in CPython's webbrowser.open() API bypasses previous CVE-2026-4519 mitigation via specially crafted UR
The webbrowser.open() API in CPython accepts URLs with leading dashes, which certain web browsers interpret as command-l
Path traversal in CPython's tarfile module allows malicious tar archives to bypass the data_filter safety mechanism and
XML parsers in CPython's xml.parsers.expat and xml.etree.ElementTree modules use insufficient entropy for Expat hash-flo
Denial-of-service via quadratic algorithmic complexity in CPython's unicodedata.normalize() affects all CPython versions
Server-Side Request Forgery in CPython's ftplib module allows a malicious FTP source server to redirect a target FTP ser
Privilege escalation in CPython on Windows enables a low-privileged local user to hijack the module search path of a mor
Config file injection in CPython's configparser module allows an attacker who controls multi-line values written via con
Same weakness CWE-281 – Improper Preservation of Permissions
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40336
GHSA-gf2w-jqmq-fcm8