CVE-2026-3087
ADVISORY - nistSummary
If shutil.unpack_archive() is given a ZIP archive with an absolute Windows path containing a drive (C:\\...) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability.
EPSS Score: 0.00061 (0.189)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Docker
CREATED
UPDATED
ADVISORY ID
CVE-2026-3087
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| python | dhi | - | - | >=0 | Not yet available |
| alpine/python-3.10 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.11 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.12 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.13 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.14 | apk | alpine | 3.23 | >=0 | Not yet available |
Severity and metrics
No CVSS data available from this advisory.
NIST
CREATED
UPDATED
ADVISORY IDCVE-2026-3087
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6mediumDebian
CREATED
UPDATED
ADVISORY IDCVE-2026-3087
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowUbuntu
CREATED
UPDATED
ADVISORY IDCVE-2026-3087
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumBitnami
CREATED
UPDATED
ADVISORY ID
BIT-libpython-2026-3087
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
6mediumBitnami
CREATED
UPDATED
ADVISORY ID
BIT-python-2026-3087
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
6mediumBitnami
CREATED
UPDATED
ADVISORY ID
BIT-python-min-2026-3087
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
6mediumminimos
CREATED
UPDATED
ADVISORY ID
MINI-4gj2-v85m-7mgj
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-6xh8-hchh-wj29
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-9vxv-hf33-3pjm
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-jfqm-3f63-fh89
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-