Security Advisory

CVE-2026-3087

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-27 20:46:43

Last updated 2026-05-12 13:25:02

Assigner PSF

State PUBLISHED

Description

If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:...`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability.

← Browse all CVEs View on cve.org ↗