Sign In

CVE-2026-3087

ADVISORY - nist

Summary

If shutil.unpack_archive() is given a ZIP archive with an absolute Windows path containing a drive (C:\\...) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability.

EPSS Score: 0.00061 (0.189)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in