CVE-2026-7774

ADVISORY - nist

Summary

tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.

EPSS Score⁠: 0.00606 (0.444)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-22⁠

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Impacted images

Advisories

Docker

CREATED

21 days ago

UPDATED

15 days ago

ADVISORY ID

CVE-2026-7774

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

NIST

CREATED

21 days ago

UPDATED

15 days ago

ADVISORY IDCVE-2026-7774⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-22⁠

CVSS SCORE

6.9medium

Debian

CREATED

20 days ago

UPDATED

9 days ago

ADVISORY IDCVE-2026-7774⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

20 days ago

UPDATED

6 days ago

ADVISORY IDCVE-2026-7774⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Bitnami

CREATED

17 days ago

UPDATED

7 days ago

ADVISORY ID

BIT-libpython-2026-7774

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.9medium

Bitnami

CREATED

17 days ago

UPDATED

7 days ago

ADVISORY ID

BIT-python-2026-7774

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.9medium

Bitnami

CREATED

17 days ago

UPDATED

7 days ago

ADVISORY ID

BIT-python-min-2026-7774

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.9medium

Chainguard

CREATED

8 days ago

UPDATED

8 days ago

ADVISORY ID

CGA-4fj7-28j9-5v6j

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

9 days ago

UPDATED

9 days ago

ADVISORY ID

MINI-26r5-354m-32rq

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

7 days ago

UPDATED

7 days ago

ADVISORY ID

MINI-763q-98mw-3g34

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

9 days ago

UPDATED

9 days ago

ADVISORY ID

MINI-qr73-wpgw-hxhm

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

9 days ago

UPDATED

9 days ago

ADVISORY ID

MINI-v5xp-jjxp-vcgp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

7 days ago

UPDATED

7 days ago

ADVISORY ID

MINI-ww98-x2qw-jhjr

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY