CVE-2026-3087

ADVISORY - nist

Summary

If shutil.unpack_archive() is given a ZIP archive with an absolute Windows path containing a drive (C:\\...) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability.

EPSS Score⁠: 0.0015 (0.353)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-22⁠

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Impacted images

Advisories

Docker

CREATED

2 months ago

UPDATED

7 days ago

ADVISORY ID

CVE-2026-3087

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
python	dhi	-	-	>=3.14.5,<3.14.6	3.14.6
alpine/python-3.10	apk	alpine	3.23	<3.14.5-rc1	3.14.5-rc1
alpine/python-3.10	apk	alpine	3.23	>=3.14.5,<3.14.6	3.14.6
alpine/python-3.10	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
alpine/python-3.11	apk	alpine	3.23	<3.14.5-rc1	3.14.5-rc1
alpine/python-3.11	apk	alpine	3.23	>=3.14.5,<3.14.6	3.14.6
alpine/python-3.11	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
alpine/python-3.12	apk	alpine	3.23	<3.14.5-rc1	3.14.5-rc1
alpine/python-3.12	apk	alpine	3.23	>=3.14.5,<3.14.6	3.14.6
alpine/python-3.12	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
alpine/python-3.13	apk	alpine	3.23	<3.14.5-rc1	3.14.5-rc1
alpine/python-3.13	apk	alpine	3.23	>=3.14.5,<3.14.6	3.14.6
alpine/python-3.13	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
alpine/python-3.14	apk	alpine	3.23	<3.14.5-rc1	3.14.5-rc1
alpine/python-3.14	apk	alpine	3.23	>=3.14.5,<3.14.6	3.14.6
alpine/python-3.14	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.10	deb	debian	13	<3.14.5-rc1	3.14.5-rc1
debian/python-3.10	deb	debian	13	>=3.14.5,<3.14.6	3.14.6
debian/python-3.10	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.11	deb	debian	13	<3.14.5-rc1	3.14.5-rc1
debian/python-3.11	deb	debian	13	>=3.14.5,<3.14.6	3.14.6
debian/python-3.11	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.12	deb	debian	13	<3.14.5-rc1	3.14.5-rc1
debian/python-3.12	deb	debian	13	>=3.14.5,<3.14.6	3.14.6
debian/python-3.12	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.13	deb	debian	13	<3.14.5-rc1	3.14.5-rc1
debian/python-3.13	deb	debian	13	>=3.14.5,<3.14.6	3.14.6
debian/python-3.13	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.14	deb	debian	13	<3.14.5-rc1	3.14.5-rc1
debian/python-3.14	deb	debian	13	>=3.14.5,<3.14.6	3.14.6
debian/python-3.14	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
python	dhi	-	-	<3.14.5-rc1	3.14.5-rc1
python	dhi	-	-	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

2 months ago

UPDATED

7 days ago

ADVISORY IDCVE-2026-3087⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-22⁠

CVSS SCORE

6medium

Debian

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDCVE-2026-3087⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

1 month ago

UPDATED

28 days ago

ADVISORY IDCVE-2026-3087⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5medium

Bitnami

CREATED

1 month ago

UPDATED

7 days ago

ADVISORY ID

BIT-libpython-2026-3087

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6medium

Bitnami

CREATED

1 month ago

UPDATED

7 days ago

ADVISORY ID

BIT-python-2026-3087

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6medium

Bitnami

CREATED

1 month ago

UPDATED

7 days ago

ADVISORY ID

BIT-python-min-2026-3087

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6medium

Photon

CREATED

7 days ago

UPDATED

7 days ago

ADVISORY ID

CVE-2026-3087

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

minimos

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY ID

MINI-4gj2-v85m-7mgj

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY ID

MINI-6xh8-hchh-wj29

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY ID

MINI-9vxv-hf33-3pjm

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY ID

MINI-jfqm-3f63-fh89

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

7 days ago

UPDATED

7 days ago

ADVISORY ID

MINI-m4wq-x925-3hcp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY