PT-2026-57903 · Dao Ailab · Flash-Attention

Yu Sun

·

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-62239

CVSS v3.1

6.6

Medium

VectorAV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the download and copy() function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the predictable cache directory to redirect extracted binaries to an attacker-chosen location, enabling arbitrary file write with victim privileges during build time.

Exploit

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-62239

Affected Products

Flash-Attention