BIT-LIBPYTHON-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...