{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7774", "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22", "state": "PUBLISHED", "assignerShortName": "PSF", "dateReserved": "2026-05-04T14:47:51.154Z", "datePublished": "2026-06-04T14:21:23.904Z", "dateUpdated": "2026-06-10T18:57:42.846Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["tarfile"], "product": "CPython", "repo": "https://github.com/python/cpython", "vendor": "Python Software Foundation", "versions": [{"version": "0", "lessThan": "3.13.14", "status": "affected", "versionType": "python"}, {"version": "3.14.0", "lessThan": "3.14.6", "status": "affected", "versionType": "python"}, {"version": "3.15.0a1", "lessThan": "3.15.0b2", "status": "affected", "versionType": "python"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Ph\u00f9ng Si\u00eau \u0110\u1ea1t (OPSWAT Unit 515)"}, {"lang": "en", "type": "coordinator", "value": "Seth Larson (https://github.com/sethmlarson)"}, {"lang": "en", "type": "remediation developer", "value": "Gregory P. Smith (https://github.com/gpshead)"}, {"lang": "en", "type": "remediation developer", "value": "Petr Viktorin (https://github.com/encukou)"}, {"lang": "en", "type": "coordinator", "value": "Stan Ulbrych (https://github.com/StanFromIreland)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process."}], "value": "tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "PSF", "dateUpdated": "2026-06-10T18:57:42.846Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/python/cpython/pull/149487"}, {"tags": ["issue-tracking"], "url": "https://github.com/python/cpython/issues/149486"}, {"tags": ["vendor-advisory"], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/4FU62L2M6RMMHT2QPGQNPEHHUND7CEX5/"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/0478bd83d82b255e0f29f613367a59d261e7eaa2"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/0d28f5e46e151718972dfabd91205444d0037b6d"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/578411982c16f753f4893532510099ef665117da"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/5cf47a248c35c375d610b87b2f72fd1ed454b558"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/74cca9a92fb7d653e404843a56b8bdc7b0afdbbf"}], "source": {"discovery": "UNKNOWN"}, "title": "tarfile.data_filter path traversal bypass allows writing outside the extraction directory", "x_generator": {"engine": "Vulnogram 0.6.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-04T17:27:23.917872Z", "id": "CVE-2026-7774", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-04T17:27:34.304Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/06/04/9"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-04T18:45:41.657Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/06/04/9"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-04T18:45:41.657Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-7774", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-04T17:27:23.917872Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-04T17:27:30.565Z"}}], "cna": {"title": "tarfile.data_filter path traversal bypass allows writing outside the extraction directory", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Ph\u00f9ng Si\u00eau \u0110\u1ea1t (OPSWAT Unit 515)"}, {"lang": "en", "type": "coordinator", "value": "Seth Larson (https://github.com/sethmlarson)"}, {"lang": "en", "type": "remediation developer", "value": "Gregory P. Smith (https://github.com/gpshead)"}, {"lang": "en", "type": "remediation developer", "value": "Petr Viktorin (https://github.com/encukou)"}, {"lang": "en", "type": "coordinator", "value": "Stan Ulbrych (https://github.com/StanFromIreland)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/python/cpython", "vendor": "Python Software Foundation", "modules": ["tarfile"], "product": "CPython", "versions": [{"status": "affected", "version": "0", "lessThan": "3.15.0", "versionType": "python"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/python/cpython/pull/149487", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/issues/149486", "tags": ["issue-tracking"]}, {"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/4FU62L2M6RMMHT2QPGQNPEHHUND7CEX5/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.6.0"}, "descriptions": [{"lang": "en", "value": "tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.", "supportingMedia": [{"type": "text/html", "value": "tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22"}]}], "providerMetadata": {"orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "PSF", "dateUpdated": "2026-06-04T14:34:33.794Z"}}}, "cveMetadata": {"cveId": "CVE-2026-7774", "state": "PUBLISHED", "dateUpdated": "2026-06-04T18:45:41.657Z", "dateReserved": "2026-05-04T14:47:51.154Z", "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22", "datePublished": "2026-06-04T14:21:23.904Z", "assignerShortName": "PSF"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process."}], "id": "CVE-2026-7774", "lastModified": "2026-06-10T19:16:38.280", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@python.org", "type": "Secondary"}]}, "published": "2026-06-04T16:16:42.103", "references": [{"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/0478bd83d82b255e0f29f613367a59d261e7eaa2"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/0d28f5e46e151718972dfabd91205444d0037b6d"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/578411982c16f753f4893532510099ef665117da"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/5cf47a248c35c375d610b87b2f72fd1ed454b558"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/commit/74cca9a92fb7d653e404843a56b8bdc7b0afdbbf"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/issues/149486"}, {"source": "cna@python.org", "url": "https://github.com/python/cpython/pull/149487"}, {"source": "cna@python.org", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/4FU62L2M6RMMHT2QPGQNPEHHUND7CEX5/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2026/06/04/9"}], "sourceIdentifier": "cna@python.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@python.org", "type": "Secondary"}]}

{"bugzilla": {"description": "python: CPython: Python tarfile: Arbitrary file write via crafted link entries", "id": "2484827", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484827"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-59", "details": ["tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.", "A flaw was found in the `tarfile.data_filter` function within the Python `tarfile` module. A remote attacker could exploit this vulnerability by providing a specially crafted tar archive containing malicious link entries, such as symlinks with empty or directory-like names. This bypass allows the attacker to redirect subsequent archive members outside the intended extraction directory, leading to arbitrary file writes on the system where the archive is extracted. The impact of this flaw is limited by the permissions of the extracting process."], "name": "CVE-2026-7774", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "python36", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2026-06-04T14:21:23Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-7774\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-7774\nhttps://github.com/python/cpython/issues/149486\nhttps://github.com/python/cpython/pull/149487\nhttps://mail.python.org/archives/list/security-announce@python.org/thread/4FU62L2M6RMMHT2QPGQNPEHHUND7CEX5/"], "statement": "This flaw is rated as Moderate. The CPython `tarfile` module is susceptible to arbitrary file writes when processing a specially crafted archive containing malicious link entries. Exploitation requires user interaction to extract the archive, and the impact is constrained by the permissions of the extracting process, limiting the scope of potential data integrity compromise.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,3.15.0)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "CPython", "source": "cna", "vendor": "Python Software Foundation"}, "product": "cpython", "vendor": "python"}], "created": "2026-06-04T16:30:06.054538+00:00", "updated": "2026-06-18T15:45:03.362571+00:00", "vendors": ["python", "python$PRODUCT$cpython"]}