PT-2026-57903 · Dao Ailab · Flash-Attention
Yu Sun
·
Published
2026-07-13
·
Updated
2026-07-13
·
CVE-2026-62239
CVSS v3.1
6.6
Medium
| Vector | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N |
FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the download and copy() function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the predictable cache directory to redirect extracted binaries to an attacker-chosen location, enabling arbitrary file write with victim privileges during build time.
Exploit
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Flash-Attention