Vulnerabilities

CVE-2026-3087

by Fred · 27/04/2026

If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\…`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability.

More information : https://github.com/python/cpython/commit/ab5ef98af693bded74a738570e81ea70abef2840

Similar

Tags: Cybersecurity Alert