Resource exhaustion in Python Software Foundation CPython
CVE-2026-11972
When using the "tarfile" module with a file opened in streaming mode (mode="r|"), the module did not properly handle EOF, so an archive could be parsed in an infinite loop.
Affected products
- Python Software Foundation CPython — versions 0
Weakness classification (CWE)
References
- cna@python.org (issue-tracking)
- cna@python.org (patch)
- cna@python.org (vendor-advisory)