CVE-2026-7774

ADVISORY - nist

Summary

tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.

EPSS Score⁠: 0.00606 (0.443)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-22⁠

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Impacted images

Advisories

Docker

CREATED

15 days ago

UPDATED

9 days ago

ADVISORY ID

CVE-2026-7774

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
python	dhi	-	-	<3.13.14	3.13.14
alpine/python-3.10	apk	alpine	3.23	<3.13.14	3.13.14
alpine/python-3.10	apk	alpine	3.23	>=3.14.0-alpha1,<3.14.6	3.14.6
alpine/python-3.10	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
alpine/python-3.11	apk	alpine	3.23	<3.13.14	3.13.14
alpine/python-3.11	apk	alpine	3.23	>=3.14.0-alpha1,<3.14.6	3.14.6
alpine/python-3.11	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
alpine/python-3.12	apk	alpine	3.23	<3.13.14	3.13.14
alpine/python-3.12	apk	alpine	3.23	>=3.14.0-alpha1,<3.14.6	3.14.6
alpine/python-3.12	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
alpine/python-3.13	apk	alpine	3.23	<3.13.14	3.13.14
alpine/python-3.13	apk	alpine	3.23	>=3.14.0-alpha1,<3.14.6	3.14.6
alpine/python-3.13	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
alpine/python-3.14	apk	alpine	3.23	<3.13.14	3.13.14
alpine/python-3.14	apk	alpine	3.23	>=3.14.0-alpha1,<3.14.6	3.14.6
alpine/python-3.14	apk	alpine	3.23	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.10	deb	debian	13	<3.13.14	3.13.14
debian/python-3.10	deb	debian	13	>=3.14.0-alpha1,<3.14.6	3.14.6
debian/python-3.10	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.11	deb	debian	13	<3.13.14	3.13.14
debian/python-3.11	deb	debian	13	>=3.14.0-alpha1,<3.14.6	3.14.6
debian/python-3.11	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.12	deb	debian	13	<3.13.14	3.13.14
debian/python-3.12	deb	debian	13	>=3.14.0-alpha1,<3.14.6	3.14.6
debian/python-3.12	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.13	deb	debian	13	<3.13.14	3.13.14
debian/python-3.13	deb	debian	13	>=3.14.0-alpha1,<3.14.6	3.14.6
debian/python-3.13	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
debian/python-3.14	deb	debian	13	<3.13.14	3.13.14
debian/python-3.14	deb	debian	13	>=3.14.0-alpha1,<3.14.6	3.14.6
debian/python-3.14	deb	debian	13	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2
python	dhi	-	-	>=3.14.0-alpha1,<3.14.6	3.14.6
python	dhi	-	-	>=3.15.0-alpha1,<3.15.0-beta2	3.15.0-beta2

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

15 days ago

UPDATED

9 days ago

ADVISORY IDCVE-2026-7774⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-22⁠

CVSS SCORE

6.9medium

Debian

CREATED

15 days ago

UPDATED

3 days ago

ADVISORY IDCVE-2026-7774⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

14 days ago

UPDATED

18 hours ago

ADVISORY IDCVE-2026-7774⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Bitnami

CREATED

11 days ago

UPDATED

1 day ago

ADVISORY ID

BIT-libpython-2026-7774

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.9medium

Bitnami

CREATED

11 days ago

UPDATED

1 day ago

ADVISORY ID

BIT-python-2026-7774

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.9medium

Bitnami

CREATED

11 days ago

UPDATED

1 day ago

ADVISORY ID

BIT-python-min-2026-7774

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.9medium

Chainguard

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY ID

CGA-4fj7-28j9-5v6j

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY ID

MINI-26r5-354m-32rq

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

23 hours ago

UPDATED

23 hours ago

ADVISORY ID

MINI-763q-98mw-3g34

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY ID

MINI-qr73-wpgw-hxhm

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY ID

MINI-v5xp-jjxp-vcgp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

23 hours ago

UPDATED

23 hours ago

ADVISORY ID

MINI-ww98-x2qw-jhjr

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY