CVE-2026-3087
CVE-2026-3087 describes a vulnerability in Python’s shutil.unpack_archive() where extracting a ZIP that contains an absolute Windows path (for example starting with C:) can cause files to be written outside the target directory. The issue is Windows-specific; other operating systems are not affec...