CVE-2026-3087 - shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
CVE ID: CVE-2026-3087
Published: April 27, 2026, 9:16 p.m. | 45 minutes ago
Description: If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target directory which is different than oth
ORIGINAL SOURCE →via CVE Feed Latest
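A pre-extraction check for the condition described above, as an added example that is not code from the advisory or from CPython. The names `is_unsafe_name`, `unsafe_members` and `checked_unpack` are hypothetical, the archives are constructed in a temporary directory, and the check goes beyond drive-letter paths to also reject UNC prefixes, leading slashes and `..` components.

```python
import ntpath
import shutil
import tempfile
import zipfile
from pathlib import Path, PurePosixPath


def is_unsafe_name(name):
    """True if a ZIP member name could resolve outside the target directory."""
    norm = name.replace("\\", "/")          # judge Windows separators on any host OS
    drive, _ = ntpath.splitdrive(norm)      # "C:" or a UNC "//server/share" prefix
    if drive or norm.startswith("/"):
        return True
    return ".." in PurePosixPath(norm).parts


def unsafe_members(archive):
    """Return the member names in the ZIP that fail is_unsafe_name()."""
    with zipfile.ZipFile(archive) as zf:
        return [i.filename for i in zf.infolist() if is_unsafe_name(i.filename)]


def checked_unpack(archive, dest):
    """Hypothetical wrapper: vet every member name, then extract."""
    bad = unsafe_members(archive)
    if bad:
        raise ValueError(f"refusing to extract, unsafe member names: {bad}")
    shutil.unpack_archive(archive, dest, format="zip")


def demo():
    """Run the check on two constructed archives; return (extracted, rejected)."""
    with tempfile.TemporaryDirectory() as tmp:
        good, bad, out = Path(tmp, "good.zip"), Path(tmp, "bad.zip"), Path(tmp, "out")
        for path, names in ((good, ["docs/readme.txt"]),
                            (bad, ["docs/readme.txt", "C:\\Temp\\constructed.txt"])):
            with zipfile.ZipFile(path, "w") as zf:
                for n in names:
                    zf.writestr(n, b"constructed sample data")
        checked_unpack(good, out)
        extracted = sorted(p.relative_to(out).as_posix() for p in out.rglob("*") if p.is_file())
        try:
            checked_unpack(bad, out)
            rejected = False
        except ValueError:
            rejected = True
        return extracted, rejected


if __name__ == "__main__":
    print(demo())
```

The check inspects member names only and rejects the whole archive rather than skipping individual entries, so a flagged archive leaves nothing on disk.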