CVE-2026-7774— tarfile.data_filter path traversal bypass allows writing outside the extraction directory
Affected Version Matrix 3
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Python Software Foundation | CPython | < 3.13.14 | affected |
3.14.0< 3.14.6 | affected | ||
3.15.0a1< 3.15.0b2 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-7774
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
tarfile.data_filter path traversal bypass allows writing outside the extraction directory
Source: NVD (National Vulnerability Database)
Vulnerability Description
tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Python 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Python是Python基金会的一套开源的、面向对象的程序设计语言。该语言具有可扩展、支持模块和包、支持多种平台等特点。 Python存在安全漏洞,该漏洞源于tarfile.data_filter可通过特制链接条目绕过,包括空名称或目录类符号链接,导致tarfile.extractall将文件写入目标目录之外。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Python Software Foundation | CPython | 0 ~ 3.13.14 | - |
II. Public POCs for CVE-2026-7774
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-7774
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-7774 (6)
Vendor Advisories for CVE-2026-7774 (2)
IV. Related Vulnerabilities
Same product: CPython
- CVE-2026-11972
tarfile opened in streaming mode mishandles EOF - CVE-2026-0864
Configuration Injection via Carriage Return (\r) in write() - CVE-2026-11940
tarfile extraction filter bypass allows escaping the destina - CVE-2026-12003
CPython >3.11 Insecure Input Validation resulting in privile - CVE-2026-9669
bz2.BZ2Decompressor reuse after error can cause a stack buff
Same vendor: Python Software Foundation
- CVE-2026-11972
tarfile opened in streaming mode mishandles EOF - CVE-2026-0864
Configuration Injection via Carriage Return (\r) in write() - CVE-2026-11940
tarfile extraction filter bypass allows escaping the destina - CVE-2026-12003
CPython >3.11 Insecure Input Validation resulting in privile - CVE-2026-9669
bz2.BZ2Decompressor reuse after error can cause a stack buff
Same weakness: CWE-22
- CVE-2026-54557
mise HTTP backend uses raw version path for install symlink - CVE-2026-56876
extract-zip unvalidated symlink path traversal - CVE-2026-55677
Echo: Encoded slash (%2F) bypasses route-level protection an - CVE-2026-57321
WordPress H5P plugin <= 1.17.7 - Arbitrary File Deletion vul - CVE-2026-56066
WordPress ShortPixel Adaptive Images plugin <= 3.11.4 - Arbi
V. Comments for CVE-2026-7774
No comments yet