CVE-2026-23949: Tarfile Unsafe Custom Filter

A custom tarfile extraction filter is being used. If the filter rewrites the `TarInfo` (for example, to strip leading path components) without validating the rewritten path against traversal (Zip Slip), extraction can write arbitrary files outside the destination directory. Compose the custom filter with `tarfile.data_filter`, applied to the rewritten member, so the archive is extracted securely.

Provally Curated · Public repository · Medium · Medium confidence · Verified · Apache-2.0 · python
greprules fetch cve-2026-23949-tarfile-unsafe-custom-filter --engine opengrep

Description

Since Python 3.12 (and the PEP 706 backports to 3.8.17, 3.9.17, 3.10.12 and 3.11.4), `TarFile.extractall()` and `TarFile.extract()` accept a `filter` argument that is called as `filter(member, dest_path)` for every member and returns the `TarInfo` to extract, or `None` to skip it. When a custom callable is passed, it replaces the built-in filters entirely: nothing else checks where the returned member will be written. A filter that rewrites `TarInfo.name` (for example, to emulate `tar --strip-components`) and returns the result therefore reintroduces the classic path traversal (Zip Slip, the tarfile issue tracked as CVE-2007-4559): a member named `pkg/../escape.txt` becomes `../escape.txt` and is written one level above the destination. The fix is to apply the rewrite first and then pass the rewritten member through `tarfile.data_filter(member, dest_path)`, which rejects absolute names, names that resolve outside `dest_path`, links pointing outside it and special files by raising a `tarfile.FilterError` subclass. Validating before the rewrite does not help, because the path that is checked is not the path that is written.

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided
