VYPR
Low severity · NVD Advisory · Published Apr 24, 2026 · Updated Apr 27, 2026

CVE-2026-41140

Description

Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall() function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions where tarfile.data_filter is unavailable. Considering only Python versions which are still supported by Poetry, these are 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4. This vulnerability is fixed in 2.3.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Poetry prior to 2.3.4 has a path traversal vulnerability during sdist tar extraction on certain Python versions, allowing arbitrary file writes before build execution.

Root Cause

Poetry, a Python dependency manager, contains a path traversal vulnerability in the extractall() function within src/poetry/utils/helpers.py (lines 410-426). On Python versions where tarfile.data_filter is unavailable, specifically Python 3.10.0 through 3.10.12 and 3.11.0 through 3.11.4 among the versions Poetry still supports, the function extracts sdist tarball members without checking member names for traversal sequences such as ../ or for absolute paths. The extraction happens during metadata resolution (e.g., poetry add --lock), that is, before the build backend runs [1][2].

Exploitation Vector

An attacker can craft a malicious sdist tarball containing members whose names carry path traversal components (e.g., ../../malicious_file). When Poetry processes this sdist, the unchecked extraction writes those files to locations outside the intended extraction directory. No privileges or authentication are required beyond getting Poetry to resolve the malicious sdist, for example by publishing it to an index the victim project pulls from. The traversal occurs directly during tar extraction, not during subsequent build steps [2].

Impact

Successful exploitation allows an arbitrary file write to an attacker-chosen location on the user's filesystem, subject to the permissions of the user running Poetry. In practice the impact is rated low because a malicious sdist can already carry arbitrary code in setup.py, which is executed when the package is built after extraction. The vulnerability is notable because the file write happens earlier, during tar extraction rather than during the build, but its destructive potential largely overlaps with the code execution a malicious sdist already has through the build process [2].

Mitigation

The vulnerability is fixed in Poetry version 2.3.4, released on 2026-04-24. Users are advised to upgrade to this patched version, which validates every member before extraction so that all extracted files land within the target directory [4]. Users on the affected Python versions should note that these include the interpreters shipped with Debian Bookworm (Python 3.11.2) and Ubuntu 22.04 LTS (Python 3.10.6) [2]; upgrading the interpreter to a release that carries tarfile.data_filter is an additional mitigation, but it does not replace upgrading Poetry.
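The following is an added example, not Poetry's own code, illustrating both the unchecked extraction pattern described under Root Cause and the kind of per-member path validation described under Mitigation. It constructs an in-memory sdist-like tar.gz containing a ../ member (the archive contents, the package name evil-1.0, and the helper names build_sdist_with_traversal, unsafe_extract, safe_extract and run_demo are all constructed for this example), extracts it once without validation and once with validation, and reports where the files ended up. The validating extractor resolves every member against the real target directory, also checks symlink and hardlink targets, and extracts one member at a time so that a symlink created by an earlier member cannot redirect a later one; on interpreters that have tarfile.data_filter it additionally passes filter="data".

```python
import io
import os
import tarfile
import tempfile


class UnsafeArchiveMember(Exception):
    """Raised when a tar member would be written outside the target directory."""


def build_sdist_with_traversal() -> bytes:
    """Construct (in memory, for this example) a sdist-like tar.gz with a traversal member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add(name: str, data: bytes) -> None:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))

        add("evil-1.0/PKG-INFO", b"Metadata-Version: 2.1\nName: evil\nVersion: 1.0\n")
        add("evil-1.0/setup.py", b"from setuptools import setup\nsetup(name='evil')\n")
        # The traversal member: resolves to <dest>/../outside.txt when extracted blindly.
        add("../outside.txt", b"written outside the extraction directory\n")
    return buf.getvalue()


def unsafe_extract(tar_bytes: bytes, dest: str) -> None:
    """Extraction with no path validation: the pattern the advisory describes."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        if hasattr(tarfile, "data_filter"):
            # Interpreters with PEP 706 filters may default to a safe filter; passing
            # fully_trusted reproduces the unfiltered behaviour of older Pythons.
            tar.extractall(dest, filter="fully_trusted")
        else:
            tar.extractall(dest)


def _inside(root: str, path: str) -> bool:
    """True if path, after resolving symlinks, is root or lies beneath it."""
    return os.path.commonpath([root, os.path.realpath(path)]) == root


def safe_extract(tar_bytes: bytes, dest: str) -> None:
    """Validate each member against the real target directory before writing it."""
    root = os.path.realpath(dest)
    os.makedirs(root, exist_ok=True)
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar.getmembers():
            # os.path.join discards root for absolute names, so '/etc/x' is caught too.
            target = os.path.join(root, member.name)
            if not _inside(root, target):
                raise UnsafeArchiveMember(f"{member.name!r} escapes {root}")
            if member.issym() or member.islnk():
                # Hardlink names are relative to the archive root, symlinks to their own dir.
                base = root if member.islnk() else os.path.dirname(target)
                if not _inside(root, os.path.join(base, member.linkname)):
                    raise UnsafeArchiveMember(f"link {member.name!r} points outside {root}")
            # One member at a time, so realpath() sees symlinks created by earlier members.
            if hasattr(tarfile, "data_filter"):
                tar.extract(member, root, filter="data")
            else:
                tar.extract(member, root)


def run_demo() -> dict:
    """Run both extractors on the constructed archive and report what happened."""
    archive = build_sdist_with_traversal()
    result = {}
    with tempfile.TemporaryDirectory() as tmp:
        unsafe_root = os.path.join(tmp, "unsafe")
        os.makedirs(os.path.join(unsafe_root, "extract"))
        unsafe_extract(archive, os.path.join(unsafe_root, "extract"))
        result["unsafe_wrote_outside"] = os.path.exists(os.path.join(unsafe_root, "outside.txt"))

        safe_root = os.path.join(tmp, "safe")
        os.makedirs(safe_root)
        try:
            safe_extract(archive, os.path.join(safe_root, "extract"))
            result["safe_raised"] = False
        except UnsafeArchiveMember:
            result["safe_raised"] = True
        result["safe_wrote_outside"] = os.path.exists(os.path.join(safe_root, "outside.txt"))
        result["safe_extracted_benign"] = os.path.exists(
            os.path.join(safe_root, "extract", "evil-1.0", "PKG-INFO"))
    return result


if __name__ == "__main__":
    print(run_demo())
```

Running the script shows the unchecked extractor creating outside.txt one level above the extraction directory, while the validating extractor writes the benign members and then stops with UnsafeArchiveMember at the ../ member. The check is done on the resolved (realpath) target rather than on the member name string, which is what defeats both ../ sequences and symlink tricks.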

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Ecosystem | Affected versions | Patched versions
poetry  | PyPI      | < 2.3.4           | 2.3.4

Affected products: 1

Patches: 0 (no patches discovered yet)


References: 4

News mentions: 8