CVE-2026-41140 - Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4
CVE ID :CVE-2026-41140 Published : April 24, 2026, 5:10 p.m. | 46 minutes ago Description :Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall() function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions wh
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Ransomware groups are using "post-quantum" hype to intimidate victims
- [CYBER] CVE-2026-41433 - OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR
- [CYBER] CVE-2026-41427 - Better Auth OAuth 2.1 Provider: Unprivileged users can register OAuth clients
- [CYBER] CVE-2026-41429 - Improper validation of NBNS name_len in arduino-esp32 NetBIOS leads to memory corruption
- [CYBER] CVE-2026-41428 - Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints
- [CYBER] CVE-2026-41907 - uuid: Missing buffer bounds check in `v3`/`v5`/`v6` when `buf` is provided