CVE-2026-41140: Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4

Overview

Severity

N/A

Exploit Status

Not Exploited

Patch Tuesday

2026-Apr

Released

2026-04-26

Last Updated

2026-06-04

EPSS Score

0.09% (percentile: 25.5%)

Affected Products (2)

Open Source Software

• azl3 poetry 1.8.3-1 on Azure Linux 3.0
• azl3 poetry 1.8.5-1 on Azure Linux 3.0

Revision History

• 2026-04-26: Information published.
• 2026-04-29: Information published.
• 2026-04-29: Information published.
• 2026-06-04: Information published.