| Title | Published | Views | Reporter | Family |
|---|---|---|---|---|
| CVE-2026-7774 | 4 Jun 2026 14:21 | – | attackerkb | |
| CVE-2026-7774 vulnerabilities | 16 Jun 2026 14:17 | – | cgr | |
| CVE-2026-7774 | 4 Jun 2026 16:25 | – | circl | |
| Python 安全漏洞 | 4 Jun 2026 00:00 | – | cnnvd | |
| CVE-2026-7774 | 4 Jun 2026 14:21 | – | cve | |
| CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory | 4 Jun 2026 14:21 | – | cvelist | |
| CVE-2026-7774 | 4 Jun 2026 14:21 | – | debiancve | |
| EUVD-2026-34282 | 4 Jun 2026 14:21 | – | euvd | |
| tarfile.data_filter path traversal bypass allows writing outside the extraction directory | 7 Jun 2026 08:03 | – | mscve | |
| CVE-2026-7774 | 4 Jun 2026 16:16 | – | nvd | |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
# Metadata block: registers the plugin's identity, advisory references, scoring
# and prerequisites, then exits before any detection logic runs.
if (description)
{
  # Plugin identity and revision tracking.
  script_id(320851);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/15");

  # Advisory identifiers covered by this check.
  script_cve_id("CVE-2026-7774");
  script_xref(name:"IAVA", value:"2026-A-0549");

  script_name(english:"Python 3.10.x / 3.11.x / 3.12.x / 3.13.x < 3.13.14 / 3.14.x < 3.14.6 Path Traversal");

  # Text shown to the person reading the scan result. The description states
  # that the finding rests on the self-reported version only.
  script_set_attribute(attribute:"synopsis", value:
"The remote host has an application installed that is affected by a path traversal vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Python installed on the remote Windows host is affected by a path traversal vulnerability.
tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like
names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar
archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions
of the extracting process.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");

  # Upstream issue, fix pull request, and the mailing-list thread. The comment
  # line below is the expanded target of the shortened nessus.org link; its
  # list address appears masked in this copy of the plugin.
  script_set_attribute(attribute:"see_also", value:"https://github.com/python/cpython/issues/149486");
  script_set_attribute(attribute:"see_also", value:"https://github.com/python/cpython/pull/149487");
  # https://mail.python.org/archives/list/[email protected]/thread/4FU62L2M6RMMHT2QPGQNPEHHUND7CEX5/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2295fc2d");

  # Fixed releases are named for 3.13 and 3.14 only; the other branches are
  # told to wait for a fixed version.
  script_set_attribute(attribute:"solution", value:
"Upgrade to Python 3.13.14, 3.14.6 or later. For other branches, upgrade to a fixed version when available.");

  # Scoring. All three CVSS generations rate integrity as the only impacted
  # property; the v3 and v4 vectors additionally require user interaction
  # (UI:R / UI:A).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-7774");

  # Exploit status as recorded by the plugin author.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Disclosure, patch and plugin release dates.
  script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/12");

  # Marked as a potential vulnerability: the result comes from a version
  # comparison, and the plugin requires the paranoid-report setting (see the
  # required keys below).
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:python:python");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Prerequisites: runs after python_win_installed.nbin and needs the Python
  # install record, an enumerated registry and the paranoid-report setting.
  script_dependencies("python_win_installed.nbin");
  script_require_keys("installed_sw/Python Software Foundation Python", "SMB/Registry/Enumerated", "Settings/ParanoidReport");

  # Nothing below this block runs while metadata is being collected.
  exit(0);
}
include('vcf.inc');
# Load the install record for Python from the local Windows detection data.
var py_info = vcf::get_app_info(app:'Python Software Foundation Python', win_local:TRUE);

# No patch or workaround can be verified, so the check only proceeds when the
# scan is configured for paranoid reporting. The result therefore reflects the
# installed interpreter version alone; it does not show whether anything on the
# host extracts untrusted tar archives.
if (report_paranoia < 2)
{
  audit(AUDIT_PARANOID);
}

# The version field holds the file version (for example 3.14.6150.1013), which
# has no public mapping to the release number. display_version holds the release
# number, so it replaces version and is re-parsed before the comparison.
py_info.version = py_info.display_version;
py_info.parsed_version = vcf::parse_version(py_info.version);

# Affected ranges. Branches up to 3.12 carry no fixed release here, so they use
# max_version (treated by vcf as an inclusive upper bound - confirm against
# vcf.inc) with a generic remediation string; 3.13 and 3.14 use fixed_version.
# NOTE(review): a 3.10-3.12 release newer than the listed maximum would match no
# constraint and go unreported whether or not it carries the fix, so these
# bounds need revisiting when those branches ship one.
# NOTE(review): the 0.0 floor also matches releases older than 3.10, which is
# wider than the plugin title suggests - confirm that scope is intended.
var version_ranges = [
  {
    'min_version'   : '0.0',
    'max_version'   : '3.10.20',
    'fixed_display' : 'Upgrade to a fixed version (see vendor advisory)'
  },
  {
    'min_version'   : '3.11',
    'max_version'   : '3.11.15',
    'fixed_display' : 'Upgrade to a fixed version (see vendor advisory)'
  },
  {
    'min_version'   : '3.12',
    'max_version'   : '3.12.13',
    'fixed_display' : 'Upgrade to a fixed version (see vendor advisory)'
  },
  {
    'min_version'   : '3.13',
    'fixed_version' : '3.13.14'
  },
  {
    'min_version'   : '3.14',
    'fixed_version' : '3.14.6'
  }
];

# Compare the parsed release number against the ranges and report a match.
vcf::check_version_and_report(
  app_info:py_info,
  constraints:version_ranges,
  severity:SECURITY_HOLE
);