CVE-2026-49959: Unanchored Deletion TOCTOU
greprules fetch cve-2026-49959-unanchored-deletion-toctou --engine opengrep
Description
A Time-of-Check Time-of-Use (TOCTOU) vulnerability exists. A path is checked for its type (e.g., using `is_dir()`) and subsequently deleted using a vulnerable unanchored operation such as `shutil.rmtree()` or `unlink()`. An attacker can substitute the path with a symlink between the check and the deletion, leading to arbitrary file deletion outside intended
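The check-then-delete shape described above, next to an anchored form that resolves every path component relative to an already-open directory descriptor with `O_NOFOLLOW`. This is an added example, not code from the rule or from the affected project; the function names are hypothetical and it assumes a POSIX system where Python supports `dir_fd`.

```python
# Added example; function names are hypothetical. POSIX only (needs dir_fd support).
import os
import shutil
import stat
from pathlib import Path

_DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW


def delete_unanchored(path: Path) -> None:
    """Flagged shape: the check and the deletion each re-resolve the whole path."""
    if path.is_dir():          # check: walks every component, following symlinks
        shutil.rmtree(path)    # use: walks them again, possibly somewhere else
    else:
        path.unlink()


def _remove_at(parent_fd: int, name: str) -> None:
    """Delete `name` inside the directory that parent_fd already refers to."""
    st = os.stat(name, dir_fd=parent_fd, follow_symlinks=False)
    if not stat.S_ISDIR(st.st_mode):
        os.unlink(name, dir_fd=parent_fd)   # removes the entry, never its target
        return
    # O_NOFOLLOW: open() fails if the entry was swapped for a symlink after stat().
    fd = os.open(name, _DIR_FLAGS, dir_fd=parent_fd)
    try:
        with os.scandir(fd) as entries:
            children = [e.name for e in entries]
        for child in children:
            _remove_at(fd, child)
    finally:
        os.close(fd)
    os.rmdir(name, dir_fd=parent_fd)


def delete_anchored(root_fd: int, relpath: str) -> None:
    """Delete relpath below root_fd; a symlink in any parent component is an error."""
    parts = Path(relpath).parts
    if not parts or parts[0] == "/" or ".." in parts:
        raise ValueError(f"not a plain relative path: {relpath!r}")
    cur = os.dup(root_fd)
    try:
        for part in parts[:-1]:
            nxt = os.open(part, _DIR_FLAGS, dir_fd=cur)
            os.close(cur)
            cur = nxt
        _remove_at(cur, parts[-1])
    finally:
        os.close(cur)
```

The caller opens the trusted root once and keeps the descriptor; every later lookup is relative to it, so replacing a directory with a symlink after the check produces an `OSError` instead of a deletion elsewhere.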