PatchSiren cyber security CVE debrief
CVE-2026-44722 danifus CVE debrief
CVE-2026-44722 is a MEDIUM severity vulnerability in pyzipper, a Python replacement for zipfile that can read and write AES encrypted zip files. The issue, now fixed in version 0.4.0, involves a Python operator precedence bug in pyzipper/zipfile_aes.py that caused the AE-2 format to never be automatically selected during encryption. As a result, encrypted entries were written in AE-1 format, exposing the plaintext CRC32 checksum in the ZIP header and, for unseekable zip archives, in the datadescripter section. This exposure allows an attacker who possesses the archive to brute-force candidate plaintexts for small or low-entropy files by comparing CRC32 values.
- Vendor
- danifus
- Product
- pyzipper
- CVSS
- MEDIUM 6.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Users of pyzipper, especially those handling encrypted zip files, should be aware of this vulnerability. The exposure of plaintext CRC32 checksums in AE-1 format could potentially be used by attackers to brute-force small or low-entropy files.
Technical summary
A Python operator precedence bug in pyzipper/zipfile_aes.py caused the AE-2 format to never be automatically selected during encryption, causing encrypted entries to be written in AE-1 format and exposing the plaintext CRC32 checksum in the ZIP header and, for unseekable zip archives, in the datadescripter section, allowing an attacker who possesses the archive to brute-force candidate plaintexts for small or low-entropy files by comparing CRC32 values.
Defensive priority
Medium priority should be given to updating pyzipper to version 0.4.0 or later, as the fix addresses a vulnerability that could be exploited to brute-force encrypted files.
Recommended defensive actions
- Update pyzipper to version 0.4.0 or later
- Review and inventory encrypted zip files handled by pyzipper
- Consider implementing additional monitoring for potential brute-force attacks on encrypted files
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record was published on 2026-07-17T17:17:15.240Z and was last modified on 2026-07-17T18:45:20.713Z. The NVD entry is currently Deferred. Evidence is limited to public CVE and NVD information. Defensive verification tasks are needed to confirm affected deployments and validate vendor guidance.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T17:17:15.240Z and has not been modified since then. The NVD entry is currently Deferred.