No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 01 Jul 2026 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Python
Python cpython |
|
| Vendors & Products |
Python
Python cpython |
Tue, 30 Jun 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 30 Jun 2026 16:00:00 +0000
Tue, 30 Jun 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract() function. | |
| Title | Tarfile.extract() doesn't fully respect filter parameter | |
| Weaknesses | CWE-281 | |
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: PSF
Published:
Updated: 2026-06-30T15:28:30.201Z
Reserved: 2026-03-17T19:25:46.527Z
Link: CVE-2026-4360
Updated: 2026-06-30T15:28:27.269Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-01T10:01:22Z