NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-11940

Summary	tarfile.extractall() with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower path, letting a relative target the filter judged contained escape the destination directory. This allowed a malicious tar archive to create a symlink pointing outside the destination, enabling out-of-destination file reads or writes. This was an incomplete fix of CVE-2025-4330.
Publication Date	June 24, 2026, 2:16 a.m.
Registration Date	June 27, 2026, 4:13 a.m.
Last Update	June 24, 2026, 4:36 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/python/cpython/commit/27dd970bf6b17ebca7c8ed486a40ab043ed7af8f	cna@python.org
2	https://github.com/python/cpython/commit/672825e2f36a57e173959b0d9d409d4560dab8df	cna@python.org
3	https://github.com/python/cpython/commit/771d12dda5140313db0ac550292987975651bbde	cna@python.org
4	https://github.com/python/cpython/commit/79c06bd5c6afa3c440d50faf7ee1b147c8832b4c	cna@python.org
5	https://github.com/python/cpython/issues/151558	cna@python.org
6	https://github.com/python/cpython/pull/151559	cna@python.org
7	https://mail.python.org/archives/list/security-announce@python.org/thread/LD6QIISNQFQYOIEPJNEUIPV7S3V76FZH/	cna@python.org

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-22	パス・トラバーサル	https://cwe.mitre.org/data/definitions/22.html
2	CWE-59	リンク解釈の問題	https://cwe.mitre.org/data/definitions/59.html