PT-2026-53894 · Python · Python
Michael Scovetta +2 · Published 2026-06-30 · Updated 2026-06-30 · CVE-2026-4360

CVSS v4.0: 2.0 (Low)
| Vector | AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Python (affected versions not specified)
Description
In the extract() function of the tarfile module, the filter parameter is not correctly handled when extracting hardlinks. This issue allows a system extracting content from untrusted tar files to write files with an unexpected uid/gid, even when the user has specified filter='data' to restrict the extraction process.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Preservation of Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Python