PatchSiren cyber security CVE debrief
CVE-2026-7774 Python Software Foundation CVE debrief
CVE-2026-7774 is a MEDIUM severity vulnerability in the Python tarfile module. A crafted tar archive could cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process. This was due to a bypass of the tarfile.data_filter using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory.
- Vendor: Python Software Foundation
- Product: CPython
- CVSS: MEDIUM 6.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-10
Who should care
Users of the Python tarfile module, particularly those who extract archives from untrusted sources, should be aware of this vulnerability. Developers who use tarfile.extractall() in their applications may need to take precautions to ensure that the extraction process does not write files outside the intended directory.
Technical summary
The vulnerability exists in the tarfile module of Python. Specifically, the tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.
Defensive priority
MEDIUM
Recommended defensive actions
- Users should update to the latest version of Python that includes the fix for this vulnerability.
- Developers should review applications that call tarfile.extractall() on archives from untrusted sources and confirm they run a patched Python; since the built-in data filter alone did not stop this bypass, an independent pre-extraction check of member names and link entries is a reasonable additional safeguard.
- Users should exercise caution when extracting archives from untrusted sources.
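The kind of pre-extraction check referred to above, as an added example that is not code from the advisory or from CPython. It assumes an untrusted archive held in memory and a policy of rejecting every link entry outright, rather than trying to reason about which link names are safe; the sample archives it builds are constructed here for illustration.

```python
import io, os, tarfile, tempfile


def check_members(tar, dest):
    """Names safe to extract into dest: no link entries at all (so none can
    redirect a later member, whatever its name), no empty names, no escapes."""
    dest_real = os.path.realpath(dest)
    safe = []
    for m in tar.getmembers():
        if not m.name:
            raise ValueError("member with empty name")
        if m.issym() or m.islnk():
            raise ValueError(f"link entry not allowed: {m.name!r}")
        # Resolve the would-be target under dest; catches absolute names and '..' too.
        target = os.path.realpath(os.path.join(dest_real, m.name))
        if os.path.commonpath([dest_real, target]) != dest_real:
            raise ValueError(f"path escapes destination: {m.name!r}")
        safe.append(m.name)
    return safe


def safe_extract(data, dest):
    """Vet the whole archive first, then still extract with the stdlib filter."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        names = check_members(tar, dest)
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, **kwargs)
    return names


def build_sample(with_link):
    """Constructed sample archive: one regular file, optionally one symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("docs/readme.txt")
        info.size = 6
        tar.addfile(info, io.BytesIO(b"hello\n"))
        if with_link:
            link = tarfile.TarInfo("docs/alias")
            link.type = tarfile.SYMTYPE
            link.linkname = "readme.txt"
            tar.addfile(link)
    return buf.getvalue()


def try_extract(data):
    """Extract into a fresh temp dir; returns ('ok', names) or ('rejected', reason)."""
    with tempfile.TemporaryDirectory() as dest:
        try:
            return "ok", safe_extract(data, dest)
        except ValueError as e:
            return "rejected", str(e)
```

The check runs over the member list before anything touches disk, so an archive is accepted or refused as a whole rather than partially extracted.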
Evidence notes
The CVE-2026-7774 vulnerability was introduced due to a weakness in the tarfile module's handling of symlinks in tar archives. The vulnerability has been addressed by the Python developers, and patches are available.
Official resources
CVE-2026-7774 was published on 2026-06-04T16:16:42.103Z and modified on 2026-06-10T19:16:38.280Z.