{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41140", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-17T12:59:15.738Z", "datePublished": "2026-04-24T17:10:33.869Z", "dateUpdated": "2026-04-24T18:03:02.013Z"}, "containers": {"cna": {"title": "Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 0.6, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "version": "4.0"}}], "references": [{"name": "https://github.com/python-poetry/poetry/security/advisories/GHSA-73h3-mf4w-8647", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/python-poetry/poetry/security/advisories/GHSA-73h3-mf4w-8647"}], "affected": [{"vendor": "python-poetry", "product": "poetry", "versions": [{"version": "< 2.3.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-24T17:10:33.869Z"}, "descriptions": [{"lang": "en", "value": "Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall() function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.data_filter is unavailable. Considering only Python versions which are still supported by Poetry, these are 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4. This vulnerability is fixed in 2.3.4."}], "source": {"advisory": "GHSA-73h3-mf4w-8647", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-24T18:02:54.197900Z", "id": "CVE-2026-41140", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-24T18:03:02.013Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41140", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-24T18:02:54.197900Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-24T18:02:58.110Z"}}], "cna": {"title": "Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4", "source": {"advisory": "GHSA-73h3-mf4w-8647", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 0.6, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "python-poetry", "product": "poetry", "versions": [{"status": "affected", "version": "< 2.3.4"}]}], "references": [{"url": "https://github.com/python-poetry/poetry/security/advisories/GHSA-73h3-mf4w-8647", "name": "https://github.com/python-poetry/poetry/security/advisories/GHSA-73h3-mf4w-8647", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall() function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.data_filter is unavailable. Considering only Python versions which are still supported by Poetry, these are 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4. This vulnerability is fixed in 2.3.4."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-24T17:10:33.869Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41140", "state": "PUBLISHED", "dateUpdated": "2026-04-24T18:03:02.013Z", "dateReserved": "2026-04-17T12:59:15.738Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-24T17:10:33.869Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall() function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.data_filter is unavailable. Considering only Python versions which are still supported by Poetry, these are 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4. This vulnerability is fixed in 2.3.4."}], "id": "CVE-2026-41140", "lastModified": "2026-04-27T18:53:00.053", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 0.6, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-24T18:16:28.613", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/python-poetry/poetry/security/advisories/GHSA-73h3-mf4w-8647"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "poetry: python: Poetry: Path traversal vulnerability allows arbitrary file write via malicious package extraction", "id": "2461604", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461604"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", "status": "draft"}, "cwe": "CWE-22", "details": ["A flaw was found in Poetry, a dependency manager for Python. This vulnerability allows a remote attacker to perform a path traversal attack. By crafting a malicious software package, the `extractall()` function in Poetry can be tricked into writing files to unintended locations on the system. This could lead to the creation or overwrite of critical system files, potentially compromising the integrity of the system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-41140", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-26/controller-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-26/eda-controller-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-26/hub-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-26/lightspeed-chatbot-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-kserve-agent-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-kserve-controller-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-kserve-router-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-kserve-storage-initializer-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "poetry", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "python-poetry", "product_name": "Red Hat Satellite 6"}], "public_date": "2026-04-24T17:10:33Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-41140\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-41140\nhttps://github.com/python-poetry/poetry/security/advisories/GHSA-73h3-mf4w-8647"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.3.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "poetry", "source": "cna", "vendor": "python-poetry"}, "product": "poetry", "vendor": "python-poetry"}], "analysis": {"en": {"generated_at": "2026-04-28T13:39:55.126148+00:00", "value": {"mitigation_remediation": ["Upgrade Poetry to version 2.3.4 or newer.", "If an upgrade cannot be performed immediately, run Poetry in an environment that limits write permissions so that extracted files cannot overwrite critical system or project files.", "Use a Python interpreter outside the vulnerable range (e.g., Python\u202f3.9 or 3.12) if the project permits, because those releases do not suffer from the data_filter deficiency.", "Avoid installing packages from untrusted sources while operating under the vulnerable Python versions."], "summary": {"action": "Patch", "impact": "Path Traversal"}, "threat_synthesis": {"affected_systems": "Poetry releases earlier than 2.3.4 that run on Python 3.10.0 through 3.10.12 or Python 3.11.0 through 3.11.4 are affected. Poetry 2.3.4 and later contain the patch. Versions of Poetry that run on other Python releases or newer Poetry releases are not impacted.", "description_and_impact": "The vulnerability occurs when Poetry\u2019s extractall() function processes source distribution tarballs without path traversal protection on Python versions where the tarfile.data_filter API is unavailable. A malicious tarball can cause files to be extracted outside the intended directory, potentially allowing a local user to create or overwrite files such as configuration files or executables. This is a classic path traversal flaw (CWE\u201122) and the damaging effect is inferred from the ability to write arbitrary files.", "risk_and_exploitability": "The CVSS score is 0.6 and the EPSS score is below 1\u202f%, and the vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation requires a local user who can run Poetry and has write access to the extraction target; the attack vector is therefore local. While the probability of widespread exploitation is low and the potential impact is confined to the user\u2019s environment, the low severity does not diminish the need to apply the fix promptly."}}}}, "created": "2026-04-27T18:45:11.312276+00:00", "updated": "2026-04-28T13:45:06.140152+00:00", "vendors": ["python-poetry", "python-poetry$PRODUCT$poetry"]}