NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-3087

Summary	If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability.
Publication Date	April 28, 2026, 6:16 a.m.
Registration Date	April 29, 2026, 4:07 a.m.
Last Update	April 28, 2026, 3:16 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/python/cpython/issues/146581	cna@python.org
2	https://github.com/python/cpython/pull/146591	cna@python.org
3	https://mail.python.org/archives/list/security-announce@python.org/thread/X6FXE5C6KDKOVNX3EC3DWD5RUPFWOZA4/	cna@python.org
4	http://www.openwall.com/lists/oss-security/2026/04/28/9	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-22	パス・トラバーサル	https://cwe.mitre.org/data/definitions/22.html