CVE-2026-23949 Overview
CVE-2026-23949 is a Zip Slip path traversal vulnerability affecting jaraco.context, an open-source Python package that provides useful decorators and context managers. The vulnerability exists in the jaraco.context.tarball() function starting in version 5.2.0 and prior to version 6.1.0. An application that extracts a malicious tar archive with this function can be made to write files outside the intended extraction directory, potentially overwriting sensitive system files or application configurations.
Critical Impact
Attackers can leverage malicious tar archives to write arbitrary files outside the intended extraction directory, potentially leading to configuration compromise, credential theft, or code execution through file overwrites.
Affected Products
- jaraco.context versions >= 5.2.0 and < 6.1.0
- Applications using the jaraco.context.tarball() function for tar archive extraction
- setuptools packages that vendor jaraco.context (see setuptools vendored code)
Discovery Timeline
- 2026-01-20 - CVE-2026-23949 published to NVD
- 2026-01-20 - Last updated in NVD database
Technical Details for CVE-2026-23949
Vulnerability Analysis
This path traversal vulnerability (CWE-22) arises from insufficient path sanitization in the strip_first_component filter used during tar archive extraction. The vulnerable filter splits each member path at the first / character and keeps everything after it, but it does not check the remainder for directory traversal sequences (../).
When a tar archive contains specially crafted file paths such as dummy_dir/../../etc/passwd, the strip_first_component filter processes this path by removing only the first directory component, resulting in ../../etc/passwd. This traversal path escapes the intended extraction directory and allows files to be written to arbitrary locations on the filesystem.
The vulnerability is further compounded by susceptibility to nested tarball attacks. Multi-level tar files containing an inner archive (e.g., dummy_dir/inner.tar.gz) can bypass initial extraction checks when the inner archive itself contains traversal paths like dummy_dir/../../config/.env, which similarly translate to ../../config/.env upon extraction.
Root Cause
The root cause is the inadequate path validation in the strip_first_component filter function. While the filter correctly removes the first path component as intended, it does not validate the remaining path for directory traversal sequences. The function processes member paths without checking whether the resulting path after stripping would escape the target extraction directory. This allows attackers to craft tar entries with paths that, after filtering, resolve to locations outside the intended directory hierarchy.
Attack Vector
The attack requires an attacker to supply a malicious tar archive to an application using the vulnerable jaraco.context.tarball() function. This could occur through:
- User-uploaded tar archives processed by a web application
- Tar archives fetched from untrusted URLs via the tarball() context manager
- Supply chain attacks through compromised package repositories
The vulnerability is exploitable over the network without authentication or user interaction, allowing attackers to extract files to arbitrary filesystem locations accessible by the application's process.
try:
req = urllib.request.urlopen(url)
with tarfile.open(fileobj=req, mode='r|*') as tf:
- tf.extractall(path=target_dir, filter=strip_first_component)
+ tf.extractall(path=target_dir, filter=_default_filter)
yield target_dir
finally:
shutil.rmtree(target_dir)
+def _compose_tarfile_filters(*filters):
+ def compose_two(f1, f2):
+ return lambda member, path: f1(f2(member, path), path)
+
+ return functools.reduce(compose_two, filters, lambda member, path: member)
+
def strip_first_component(
member: tarfile.TarInfo,
path,
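Review bot: _compose_tarfile_filters (the + lines) calls f1 on whatever f2 returns, but a tarfile filter may return None to exclude a member, so compose_two would then invoke f1(None, path); suggest short-circuiting on None inside compose_two and adding a docstring that states the filters are applied right to left (the last argument runs first). Separately, the replacement filter _default_filter used in the tf.extractall change is not defined anywhere in the visible lines, so its path validation cannot be checked from this excerpt; the review should confirm its definition composes the strip with a destination check such as tarfile.data_filter, in that order.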
Source: GitHub Commit Details
Detection Methods for CVE-2026-23949
Indicators of Compromise
- Unexpected file creation or modification in sensitive directories such as /etc/, /config/, or application configuration directories
- Log entries showing tar extraction operations with paths containing ../ sequences
- File system audit events indicating writes outside expected application directories
- Presence of files with unusual timestamps in system configuration directories
Detection Strategies
- Monitor applications using jaraco.context for tar extraction operations and validate destination paths
- Implement file integrity monitoring on sensitive configuration directories
- Audit Python package dependencies for vulnerable versions of jaraco.context (>= 5.2.0, < 6.1.0)
- Deploy application-level logging to capture tar archive extraction events and their target paths
Monitoring Recommendations
- Enable file system auditing for sensitive directories to detect unauthorized file writes
- Configure SIEM alerts for path traversal patterns (../) in file operation logs
- Regularly scan application dependencies for known vulnerable package versions
- Monitor network traffic for suspicious tar archive downloads from untrusted sources
How to Mitigate CVE-2026-23949
Immediate Actions Required
- Upgrade jaraco.context to version 6.1.0 or later immediately
- Audit applications for usage of the jaraco.context.tarball() function
- Review any files extracted using the vulnerable function for signs of compromise
- Implement file integrity checks on sensitive system and application configuration files
Patch Information
The vulnerability has been patched in jaraco.context version 6.1.0. The fix introduces a new _compose_tarfile_filters function and replaces the vulnerable strip_first_component filter with a _default_filter that properly validates extraction paths. The patch commit (7b26a42b525735e4085d2e994e13802ea339d5f9) implements extraction safety measures to prevent path traversal attacks.
For detailed patch information, see the GitHub Security Advisory GHSA-58pv-8j8x-9vj2.
Workarounds
- If immediate upgrade is not possible, avoid using the tarball() context manager with untrusted tar archives
- Implement additional path validation before processing tar archives to reject entries containing ../ sequences
- Run applications processing tar archives in sandboxed or containerized environments with restricted filesystem access
- Use chroot or similar isolation mechanisms to limit the impact of potential path traversal attacks
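The workaround of validating entries before extraction, and the nested-archive case from the Technical Details section, can be handled by one pre-flight scanner. The following is an added example, not code from jaraco.context: it walks an archive and any tar archives nested inside it purely in memory, judges each member name as it will look after the first component is stripped (the shape tarball() extracts), and reports traversal, escaping link targets and special files without writing anything to disk. The function names (escapes, unsafe_reasons, scan, build_sample, demo), the nesting limit and the constructed sample archive are this example's assumptions.

```python
import io
import posixpath
import tarfile

NESTED_SUFFIXES = ('.tar', '.tar.gz', '.tgz', '.tar.bz2', '.tar.xz')
MAX_NESTING = 3  # assumed limit; stops archive-in-archive recursion


def escapes(name: str) -> bool:
    """True if a POSIX member name is absolute or climbs above its root."""
    if name.startswith('/'):
        return True
    norm = posixpath.normpath(name)
    return norm == '..' or norm.startswith('../')


def unsafe_reasons(member: tarfile.TarInfo, strip_first: bool) -> list[str]:
    """Reasons to reject a member before extraction.

    With strip_first=True the name is judged after its leading directory is
    removed, so 'dummy_dir/../x' (harmless as-is) is caught because it becomes
    '../x' once stripped.
    """
    reasons = []
    name = member.name.partition('/')[2] if strip_first else member.name
    if escapes(member.name) or escapes(name):
        reasons.append('path traversal')
    if member.issym():
        target = posixpath.join(posixpath.dirname(name), member.linkname)
    elif member.islnk():
        target = member.linkname.partition('/')[2] if strip_first else member.linkname
    else:
        target = None
    if target is not None and escapes(target):
        reasons.append('link target outside extraction directory')
    if not (member.isreg() or member.isdir() or member.issym() or member.islnk()):
        reasons.append('special file')
    return reasons


def scan(fileobj, strip_first=True, depth=0, prefix=''):
    """Walk an archive and the archives nested in it without extracting.

    Returns a list of (member path, reason); an empty list means clean.
    Nested members are labelled outer!/inner.
    """
    findings = []
    with tarfile.open(fileobj=fileobj, mode='r:*') as tf:
        for member in tf.getmembers():
            label = prefix + member.name
            for reason in unsafe_reasons(member, strip_first):
                findings.append((label, reason))
            if member.isreg() and member.name.endswith(NESTED_SUFFIXES):
                if depth >= MAX_NESTING:
                    findings.append((label, 'nesting too deep'))
                    continue
                inner = tf.extractfile(member)  # bytes only, nothing touches disk
                try:
                    findings += scan(inner, strip_first, depth + 1, label + '!/')
                except tarfile.TarError:
                    findings.append((label, 'unreadable nested archive'))
    return findings


def build_sample() -> io.BytesIO:
    """Constructed test input: an outer archive with a clean file plus a nested
    .tar.gz whose member uses the traversal shape the advisory describes."""
    def make(entries, mode):
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode=mode) as tf:
            for name, data in entries:
                info = tarfile.TarInfo(name)
                info.size = len(data)
                tf.addfile(info, io.BytesIO(data))
        return buf.getvalue()
    inner = make([('dummy_dir/../../config/.env', b'placeholder')], 'w:gz')
    outer = make([('dummy_dir/README', b'hello'),
                  ('dummy_dir/inner.tar.gz', inner)], 'w')
    return io.BytesIO(outer)


def demo():
    return scan(build_sample())


if __name__ == '__main__':
    for path, reason in demo():
        print(f'REJECT {path}: {reason}')
```

Run the scanner on an archive before handing it to any extraction routine and refuse the whole archive on a non-empty result; a single flagged member is enough, since the inner archive in the sample looks clean from the outside and is only caught by descending into it.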
# Upgrade jaraco.context to patched version
pip install --upgrade "jaraco.context>=6.1.0"
# Verify installed version
pip show jaraco.context | grep Version
# List jaraco packages that have a newer release available (this is not a
# vulnerability scan; pip-audit can check installed versions against known advisories)
pip list --outdated | grep jaraco
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

