PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-44722 danifus CVE debrief

CVE-2026-44722 is a MEDIUM severity vulnerability in pyzipper, a Python replacement for zipfile that can read and write AES encrypted zip files. The issue, now fixed in version 0.4.0, involves a Python operator precedence bug in pyzipper/zipfile_aes.py that caused the AE-2 format to never be automatically selected during encryption. As a result, encrypted entries were written in AE-1 format, exposing the plaintext CRC32 checksum in the ZIP header and, for unseekable zip archives, in the datadescripter section. This exposure allows an attacker who possesses the archive to brute-force candidate plaintexts for small or low-entropy files by comparing CRC32 values.

Vendor
danifus
Product
pyzipper
CVSS
MEDIUM 6.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

Users of pyzipper, especially those handling encrypted zip files, should be aware of this vulnerability. The exposure of plaintext CRC32 checksums in AE-1 format could potentially be used by attackers to brute-force small or low-entropy files.

Technical summary

A Python operator precedence bug in pyzipper/zipfile_aes.py caused the AE-2 format to never be automatically selected during encryption, causing encrypted entries to be written in AE-1 format and exposing the plaintext CRC32 checksum in the ZIP header and, for unseekable zip archives, in the datadescripter section, allowing an attacker who possesses the archive to brute-force candidate plaintexts for small or low-entropy files by comparing CRC32 values.

Defensive priority

Medium priority should be given to updating pyzipper to version 0.4.0 or later, as the fix addresses a vulnerability that could be exploited to brute-force encrypted files.

Recommended defensive actions

  • Update pyzipper to version 0.4.0 or later
  • Review and inventory encrypted zip files handled by pyzipper
  • Consider implementing additional monitoring for potential brute-force attacks on encrypted files
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The CVE record was published on 2026-07-17T17:17:15.240Z and was last modified on 2026-07-17T18:45:20.713Z. The NVD entry is currently Deferred. Evidence is limited to public CVE and NVD information. Defensive verification tasks are needed to confirm affected deployments and validate vendor guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T17:17:15.240Z and has not been modified since then. The NVD entry is currently Deferred.