CVE-2026-7774
ADVISORY - nistSummary
tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.
EPSS Score: 0.00028 (0.086)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Docker
CREATED
UPDATED
ADVISORY ID
CVE-2026-7774
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| python | dhi | - | - | >=0 | Not yet available |
| alpine/python-3.10 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.11 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.12 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.13 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.14 | apk | alpine | 3.23 | >=0 | Not yet available |
Severity and metrics
No CVSS data available from this advisory.
NIST
CREATED
UPDATED
ADVISORY IDCVE-2026-7774
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.9mediumDebian
CREATED
UPDATED
ADVISORY IDCVE-2026-7774
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2026-7774
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-