Path Traversal in Python Software Foundation Cpython
CVE-2026-7774
tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to c…
Vulnerability class: Path Traversal (Directory Traversal)
Affected products
- Python Software Foundation Cpython — versions 0
Weakness classification (CWE)
References
- cna@python.org (patch)
- cna@python.org (issue-tracking)
- cna@python.org (vendor-advisory)
- af854a3a-2127-422b-91ae-364da2661108