CVE-2026-41140: Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4

Overview

Severity

N/A

Exploit Status

Not Exploited

Patch Tuesday

2026-Apr

Released

2026-04-26

EPSS Score

0.06% (percentile: 19.3%)

Affected Products (1)

Open Source Software

• azl3 poetry 1.8.3-1 on Azure Linux 3.0

Revision History

• 2026-04-26: Information published.