Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Description
Requests is an HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths() utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. Standard usage of the Requests library is not affected by this vulnerability. Only applications that call extract_zipped_paths() directly are impacted. Starting in version 2.33.0, the library extracts files to a non-deterministic location. If developers are unable to upgrade, they can set TMPDIR in their environment to a directory with restricted write access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Utility function extract_zipped_paths() in Requests < 2.33.0 uses predictable temp filenames, letting local attackers pre-create malicious files that replace legitimate ones.
Vulnerability
Overview
The function requests.utils.extract_zipped_paths() in the popular Requests HTTP library (prior to version 2.33.0) extracts files from zip archives into the system's temporary directory using a predictable filename [1]. If a file with that name already exists at the extraction path, the function reuses it without any validation [4]. This design flaw allows a local attacker who has write access to the temporary directory to pre-create a malicious file under that predictable name. When an application then calls extract_zipped_paths(), the attacker's file is loaded in place of the legitimate archive content [1][4].
Exploitation
Prerequisites
Exploitation is limited to local attackers who already possess write access to the system's temporary directory [1]. Importantly, standard usage of the Requests library—such as normal requests.get() or requests.post() calls—does not invoke this utility function and is therefore unaffected [1][4]. Only applications that directly call extract_zipped_paths() are vulnerable [1][2][4]. No network-level privilege escalation is involved; the attack vector is purely local [1].
Impact
A successful attacker can substitute a malicious file (e.g., a Python module or configuration file) for a legitimate one extracted from a zip archive [1][4]. Depending on how the extracted file is subsequently used by the calling application, this could lead to arbitrary code execution, privilege escalation, or other integrity violations. The severity is reflected by CVSS 4.0 scoring (not detailed in the provided references) and the advisory's assessment of the bug as a security issue [1][3].
Mitigation
Requests version 2.33.0, released on 2026-03-25, remediates the vulnerability by extracting zip contents to a non-deterministic location, making it impossible for an attacker to predict the output path [1][3]. Developers who cannot immediately upgrade should set the TMPDIR environment variable to a directory with restricted write permissions, thereby denying local attackers the ability to plant files in the temp space [1][4]. Apart from restricting the temp directory in this way, no other workaround exists for applications that continue to call the affected function without upgrading [1].
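As an added illustration (not code from Requests or from the advisory), the following places the pre-2.33.0 reuse pattern beside the mkstemp-based fix described above. The zip member, its contents and the "shared" temp directory are constructed here, and Requests' atomic_open helper is replaced by a plain open().

```python
import io
import os
import tempfile
import zipfile

# Constructed sample archive: a single member nested in a folder, the kind of
# bundle or config file an application might hand to extract_zipped_paths().
MEMBER = "bundle/cacert.pem"
GENUINE = b"-----BEGIN CERTIFICATE-----\ngenuine\n-----END CERTIFICATE-----\n"


def make_archive() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(MEMBER, GENUINE)
    return buf.getvalue()


def extract_predictable(archive: bytes, member: str, tmpdir: str) -> str:
    """Pre-2.33.0 pattern: fixed name derived from the member, and whatever
    already sits at that name is reused without checking its contents."""
    extracted_path = os.path.join(tmpdir, member.split("/")[-1])
    if not os.path.exists(extracted_path):
        with zipfile.ZipFile(io.BytesIO(archive)) as zf, open(extracted_path, "wb") as fh:
            fh.write(zf.read(member))
    return extracted_path


def extract_mkstemp(archive: bytes, member: str, tmpdir: str) -> str:
    """2.33.0 pattern: mkstemp creates a fresh, unpredictably named file with
    O_EXCL (mode 0600 on POSIX), so a pre-planted file is never picked up."""
    suffix = os.path.splitext(member.split("/")[-1])[-1]
    fd, extracted_path = tempfile.mkstemp(suffix=suffix, dir=tmpdir)
    with os.fdopen(fd, "wb") as fh, zipfile.ZipFile(io.BytesIO(archive)) as zf:
        fh.write(zf.read(member))
    return extracted_path


def planted_file_wins(extractor) -> bool:
    """Model a local user who pre-creates the predictable path in a shared temp
    dir (here a private directory); True if the caller ends up reading it."""
    with tempfile.TemporaryDirectory() as shared_tmp:
        planted = os.path.join(shared_tmp, os.path.basename(MEMBER))
        with open(planted, "wb") as fh:
            fh.write(b"PLANTED")
        path = extractor(make_archive(), MEMBER, shared_tmp)
        with open(path, "rb") as fh:
            return fh.read() == b"PLANTED"
```

planted_file_wins(extract_predictable) returns True because the existing file is trusted as-is, while planted_file_wins(extract_mkstemp) returns False since the archive content lands in a new file the planter could not name in advance.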
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| requests (PyPI) | < 2.33.0 | 2.33.0 |
Affected products
- psf/requests: range < 2.33.0
Patches
1 file changed · +7 −6
src/requests/utils.py+7 −6 modified@@ -282,12 +282,13 @@ def extract_zipped_paths(path): return path # we have a valid zip archive and a valid member of that archive - tmp = tempfile.gettempdir() - extracted_path = os.path.join(tmp, member.split("/")[-1]) - if not os.path.exists(extracted_path): - # use read + write to avoid the creating nested folders, we only want the file, avoids mkdir racing condition - with atomic_open(extracted_path) as file_handler: - file_handler.write(zip_file.read(member)) + suffix = os.path.splitext(member.split("/")[-1])[-1] + fd, extracted_path = tempfile.mkstemp(suffix=suffix) + try: + os.write(fd, zip_file.read(member)) + finally: + os.close(fd) + return extracted_path
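Review bot: the return value of os.write(fd, ...) in the added block is discarded, so a short write would silently leave a truncated file at extracted_path; replacing the try/finally with `with os.fdopen(fd, "wb") as fh: fh.write(zip_file.read(member))` guarantees the full payload is written and closes the descriptor on every path. The hunk also changes caller-visible behaviour: the removed `if not os.path.exists(extracted_path)` guard reused a previous extraction, whereas mkstemp creates a new file on every call and nothing removes it, so the function's docstring should state that the caller owns cleanup of the returned path. With this use of atomic_open gone, check whether its import in utils.py is still needed.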
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-gc5v-m9x4-r6x2 (GitHub Advisory Database)
- nvd.nist.gov/vuln/detail/CVE-2026-25645 (NVD)
- github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7 (fix commit)
- github.com/psf/requests/releases/tag/v2.33.0 (release)
- github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2 (vendor advisory)