CVE-2026-7774

Description

tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.
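
A pre-extraction audit for the pattern described above, as an added example that is not part of the CVE record or of CPython: it flags link entries with empty or directory-like names, and later members whose path runs through an earlier link entry. The function names, the heuristic and the constructed sample entries are assumptions for illustration, not the upstream fix.

```python
import posixpath
import tarfile


def audit_members(members):
    """Return (name, reason) findings for an iterable of TarInfo objects."""
    findings, link_paths = [], set()
    for m in members:
        norm = posixpath.normpath(m.name) if m.name else "."
        parts = norm.split("/")
        # "." stands for the extraction root; then every parent directory.
        prefixes = ["."] + ["/".join(parts[:i]) for i in range(1, len(parts))]
        hit = next((p for p in prefixes if p in link_paths), None)
        if hit is not None:
            findings.append((m.name, f"path runs through earlier link entry {hit!r}"))
        if m.issym() or m.islnk():
            if norm == ".":
                findings.append((m.name, "link entry with empty or root name"))
            elif m.name.endswith(("/", "/.")):
                findings.append((m.name, "link entry with directory-like name"))
            link_paths.add(norm)
    return findings


def audit_archive(path):
    """Audit an archive on disk; call this before tarfile.extractall()."""
    with tarfile.open(path) as tf:
        return audit_members(tf)


def entry(name, linkname=None):
    """Build a constructed TarInfo; a linkname makes it a symlink entry."""
    info = tarfile.TarInfo(name)
    if linkname is not None:
        info.type, info.linkname = tarfile.SYMTYPE, linkname
    return info


# Constructed sample entries (not taken from a real archive).
SAMPLE = [
    entry("docs/readme.txt"),
    entry("assets/", "placeholder-target"),
    entry("assets/logo.png"),
    entry("bin/tool", "tool-1.0"),
    entry("bin/tool-1.0"),
    entry("", "placeholder-target"),
    entry("late.txt"),
]
```

An empty result from `audit_archive()` means none of these patterns were seen; a non-empty one is a reason to refuse the archive rather than rely on the extraction filter alone.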

Scoring

EPSS: 0.61% probability of exploitation · percentile 44.3% · 2026-06-19T12:03:05Z
Last modified: 2026-06-10

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-4517
CVE-2025-69874
CVE-2025-13462
CVE-2026-3087
CVE-2026-26158
CVE-2026-28453

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.