← Zuruck zu CVEs
CVE-2026-3087
N/ABeschreibung
If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht4/27/2026
Zuletzt geandert4/29/2026
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-22
Referenzen
https://github.com/python/cpython/issues/146581(cna@python.org)
https://github.com/python/cpython/pull/146591(cna@python.org)
https://mail.python.org/archives/list/security-announce@python.org/thread/X6FXE5C6KDKOVNX3EC3DWD5RUPFWOZA4/(cna@python.org)
http://www.openwall.com/lists/oss-security/2026/04/28/9(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.