CVE-2026-7774: tarfile.data_filter path traversal bypass allows writing outside the extraction directory

Overview

Severity

N/A

Exploit Status

Not Exploited

Patch Tuesday

2026-Jun

Released

2026-06-07

Last Updated

2026-06-09

EPSS Score

0.03% (percentile: 8.5%)

Affected Products (2)

Open Source Software

• azl3 python3 3.12.9-11 on Azure Linux 3.0
• azl3 tensorflow 2.16.1-11 on Azure Linux 3.0

Revision History

• 2026-06-07: Information published.
• 2026-06-07: Information published.
• 2026-06-08: Information published.
• 2026-06-09: Information published.