Description

tarfile.extractall() with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at its archived location but recreated it at the hardlink's shallower path, letting a relative target the filter judged contained escape the destination directory. This allowed a malicious tar archive to create a symlink pointing outside the destination, enabling out-of-destination file reads or writes. This was an incomplete fix of CVE-2025-4330.
Published: 2026-06-23
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability occurs when tarfile.extractall() processes a crafted archive that contains a hardlink pointing to a symlink defined deeper in the archive. The extraction routine validates the symlink at its archived location but recreates it at the hardlink’s shallower path, allowing the symlink to target a path that the destination filter considers outside the extraction directory. As a result, an attacker can create or modify files beyond the intended extraction folder, potentially writing to system files or reading sensitive data. This flaw is classified as a path traversal and hard‑link escape weakness.

Affected Systems

The flaw affects CPython distributions from the Python Software Foundation. No specific version range is listed, so any CPython release that includes the vulnerable tarfile extraction logic may be impacted until the upstream fix is applied.

Risk and Exploitability

The CVSS score of 7.8 marks the issue as high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Attackers need the ability to supply or influence the tar archive processed by extractall(); based on the description, it is inferred that the attack vector involves delivering a crafted tar archive to the process calling the extraction routine. Thus the threat is most acute when a process runs with elevated privileges and extracts untrusted archives, or when untrusted archives are parsed by code that runs as the current user. Because the crafted archive bypasses the destination filter, affected deployments that use tarfile without additional checks could be exploited by locally compromised users or by remote code that can trigger extraction.

Generated by OpenCVE AI on June 24, 2026 at 11:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest CPython release that contains the tarfile extraction filter fix (for example, CPython 3.12.4 or newer).
  • If an immediate upgrade is not feasible, configure tarfile to use the "data" filter and perform explicit path validation on each extracted entry, rejecting any symlinks that would resolve outside the intended extraction directory.
  • Avoid extracting archives from untrusted sources; run extraction under a restricted sandbox or chroot environment to limit potential write or read access to the file system.

Generated by OpenCVE AI on June 24, 2026 at 11:11 UTC.
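The second recommended action above (explicit per-entry validation before extraction) is shown below as an added example; it is not part of the OpenCVE page and not CPython's own tarfile code. It audits every member lexically against a virtual POSIX destination, rejects names and link targets that would resolve outside it, and, following the advisory's description of the fallback, also re-evaluates a symlink's target from the directory of any hardlink that references it. The audit is then followed by extractall() with the built-in 'data' filter (Python 3.12+ and the security backports) as a second layer. The archives are constructed in memory for demonstration; no exploit archive is included.

```python
import io
import posixpath
import tarfile


class UnsafeMember(Exception):
    """Raised when an archive member would create or touch a path outside the destination."""


def _inside(dest: str, path: str) -> bool:
    """Lexical containment: True if the normalised POSIX path is dest or lies below it."""
    dest = posixpath.normpath(dest)
    path = posixpath.normpath(path)
    return path == dest or path.startswith(dest.rstrip("/") + "/")


def _check_link_target(dest: str, link_dir: str, linkname: str, what: str) -> None:
    """A relative symlink target is resolved from the directory the link is created in."""
    if posixpath.isabs(linkname):
        raise UnsafeMember(f"{what}: absolute symlink target {linkname!r}")
    if not _inside(dest, posixpath.join(dest, link_dir, linkname)):
        raise UnsafeMember(f"{what}: target {linkname!r} resolves outside the destination")


def audit_members(members, dest: str = "/dest") -> list:
    """Return normalised names of members judged safe; raise UnsafeMember at the first bad one.

    `dest` is a virtual absolute prefix used only for the lexical check, so the audit
    needs no filesystem access. A hardlink whose target is a symlink member is re-checked
    with that symlink's target evaluated from the hardlink's own directory (assumption:
    this mirrors the fallback the advisory describes, which may recreate the symlink there).
    """
    symlinks = {posixpath.normpath(m.name): m for m in members if m.issym()}
    safe = []
    for m in members:
        name = posixpath.normpath(m.name)
        if posixpath.isabs(name) or not _inside(dest, posixpath.join(dest, name)):
            raise UnsafeMember(f"{m.name!r}: entry name escapes the destination")
        link_dir = posixpath.dirname(name)
        if m.issym():
            _check_link_target(dest, link_dir, m.linkname, m.name)
        elif m.islnk():
            target = posixpath.normpath(m.linkname)  # hardlink targets are archive-relative names
            if posixpath.isabs(target) or not _inside(dest, posixpath.join(dest, target)):
                raise UnsafeMember(f"{m.name!r}: hardlink target {m.linkname!r} escapes the destination")
            sym = symlinks.get(target)
            if sym is not None:
                _check_link_target(dest, link_dir, sym.linkname, f"{m.name} -> {sym.name}")
        safe.append(name)
    return safe


def audit_archive(archive_bytes: bytes, dest: str = "/dest") -> list:
    """Audit a tar held in memory without extracting anything."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
        return audit_members(tar.getmembers(), dest)


def is_safe(archive_bytes: bytes) -> bool:
    """Convenience wrapper: True if every member passes the audit."""
    try:
        audit_archive(archive_bytes)
        return True
    except UnsafeMember:
        return False


def safe_extractall(archive_bytes: bytes, dest_dir: str) -> None:
    """Audit first, then extract with the 'data' filter as a second, independent layer."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
        audit_members(tar.getmembers())
        tar.extractall(dest_dir, filter="data")


def build_archive(entries) -> bytes:
    """Build a tar in memory from (name, kind, linkname) tuples. Constructed test data only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, linkname in entries:
            info = tarfile.TarInfo(name)
            if kind == "file":
                payload = b"hello\n"
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
            elif kind == "dir":
                info.type = tarfile.DIRTYPE
                tar.addfile(info)
            else:
                info.type = tarfile.SYMTYPE if kind == "symlink" else tarfile.LNKTYPE
                info.linkname = linkname
                tar.addfile(info)
    return buf.getvalue()


# Constructed samples: a benign archive with a contained relative symlink, one whose
# symlink target climbs out of the destination, and one whose hardlink target does.
SAFE = build_archive([
    ("docs", "dir", None),
    ("docs/readme.txt", "file", None),
    ("docs/latest.txt", "symlink", "readme.txt"),
])
ESCAPING_SYMLINK = build_archive([("cfg", "symlink", "../../outside.txt")])
ESCAPING_HARDLINK = build_archive([("a.txt", "file", None), ("b", "hardlink", "../outside")])

if __name__ == "__main__":
    for label, blob in (("safe", SAFE), ("symlink", ESCAPING_SYMLINK), ("hardlink", ESCAPING_HARDLINK)):
        print(label, "accepted" if is_safe(blob) else "rejected")
```

The audit is deliberately lexical and runs before anything touches the disk, so its verdict does not depend on filesystem state the archive itself could change mid-extraction; the 'data' filter remains in place so that a member the audit misses is still subject to tarfile's own checks.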

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:15:00 +0000

Type                  Values Removed    Values Added
First Time appeared                     Python
                                        Python cpython
Vendors & Products                      Python
                                        Python cpython

Tue, 23 Jun 2026 19:30:00 +0000

Type      Values Removed    Values Added
Metrics                     ssvc
                            {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 18:15:00 +0000


Tue, 23 Jun 2026 16:45:00 +0000

Type          Values Removed    Values Added
Description                     tarfile.extractall() with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower path, letting a relative target the filter judged contained escape the destination directory. This allowed a malicious tar archive to create a symlink pointing outside the destination, enabling out-of-destination file reads or writes. This was an incomplete fix of CVE-2025-4330.
Title                           tarfile extraction filter bypass allows escaping the destination directory
Weaknesses                      CWE-22
                                CWE-59
References
Metrics                         cvssV4_0
                                {'score': 7.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N'}


MITRE

Status: PUBLISHED

Assigner: PSF

Published:

Updated: 2026-06-23T17:57:32.525Z

Reserved: 2026-06-10T19:50:59.923Z

Link: CVE-2026-11940

Vulnrichment

Updated: 2026-06-23T17:57:28.244Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T11:15:04Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

  • CWE-59

    Improper Link Resolution Before File Access ('Link Following')