CVE-2026-24049 Overview
CVE-2026-24049 is a Path Traversal vulnerability affecting the Python wheel command line tool, which is used for manipulating Python wheel files as defined in PEP 427. In versions 0.46.1 and below, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction.
The vulnerability stems from the logic blindly trusting the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
Critical Impact
Maliciously crafted wheel files can alter permissions of critical system files outside the destination tree, enabling privilege escalation or arbitrary code execution.
Affected Products
- Python wheel versions 0.46.1 and below
- Systems using the wheel unpack command
- Python development environments with vulnerable wheel installations
Discovery Timeline
- 2026-01-22 - CVE CVE-2026-24049 published to NVD
- 2026-01-22 - Last updated in NVD database
Technical Details for CVE-2026-24049
Vulnerability Analysis
This Path Traversal vulnerability (CWE-22) exists in the wheel package's unpack functionality. The core issue lies in the disconnect between how the extraction path is handled versus how the subsequent chmod operation is performed.
When a wheel file is unpacked, Python's ZipFile.extract() method sanitizes the path to prevent directory traversal attacks during extraction. However, the original vulnerable code used the raw zinfo.filename from the archive header for the subsequent chmod operation. This creates a dangerous race condition where an attacker can specify a traversal path like ../../../etc/passwd in the archive header - the file won't be extracted to that location due to sanitization, but the chmod operation will still target that path.
The attack requires local access and user interaction (the victim must unpack a malicious wheel file), but can result in high integrity and availability impacts through modification of critical system files or scripts.
Root Cause
The root cause is improper input validation where the code uses the unsanitized zinfo.filename directly from the archive header for file permission operations, rather than using the actual extracted file path returned by the extract() method. This allows attackers to specify arbitrary paths in the archive header that will be used for chmod operations, even though the extraction itself is properly sanitized.
Attack Vector
The attack requires local access where an attacker must convince a user to unpack a maliciously crafted wheel file. The attack flow is:
- Attacker creates a wheel file with specially crafted filenames containing path traversal sequences (e.g., ../../../etc/passwd)
- Victim downloads and runs wheel unpack on the malicious wheel file
- The extraction process sanitizes the path, extracting files only to the intended destination
- The vulnerable chmod operation uses the raw filename from the header, applying permissions to files outside the destination tree
- Critical system files become world-writable, enabling privilege escalation or code execution
The fix in version 0.46.2 addresses this by using the actual path returned by extract() for the chmod operation:
destination = Path(dest) / namever
print(f"Unpacking to: {destination}...", end="", flush=True)
for zinfo in wf.filelist:
- wf.extract(zinfo, destination)
+ target_path = Path(wf.extract(zinfo, destination))
# Set permissions to the same values as they were set in the archive
# We have to do this manually due to
# https://github.com/python/cpython/issues/59999
permissions = zinfo.external_attr >> 16 & 0o777
- destination.joinpath(zinfo.filename).chmod(permissions)
+ target_path.chmod(permissions)
print("OK")
Source: GitHub Commit
Detection Methods for CVE-2026-24049
Indicators of Compromise
- Unexpected permission changes on critical system files such as /etc/passwd, /etc/shadow, or SSH keys
- Wheel files containing path traversal sequences (../) in archive filenames
- Modified timestamps on sensitive configuration files coinciding with wheel unpack operations
- Audit logs showing chmod operations on files outside Python package directories
Detection Strategies
- Monitor file system permission changes on critical system files using file integrity monitoring (FIM) tools
- Implement audit rules to track chmod system calls targeting sensitive directories like /etc/
- Scan Python wheel files before installation for suspicious filename patterns containing traversal sequences
- Use SentinelOne's behavioral AI to detect anomalous file permission modifications following Python operations
Monitoring Recommendations
- Enable audit logging for file permission changes on critical system files
- Monitor Python package installation and unpacking activities in development and production environments
- Implement alerting for any wheel unpack operations performed by non-administrative users
- Track changes to executable scripts and configuration files that could be leveraged for privilege escalation
How to Mitigate CVE-2026-24049
Immediate Actions Required
- Upgrade the wheel package to version 0.46.2 or later immediately using pip install --upgrade wheel
- Audit systems for any recently unpacked wheel files from untrusted sources
- Review file permissions on critical system files to ensure they haven't been modified
- Restrict use of wheel unpack command to trusted wheel files only
Patch Information
The vulnerability has been fixed in wheel version 0.46.2. The patch modifies the unpack.py file to use the actual extracted path returned by the extract() method for the chmod operation, rather than trusting the raw filename from the archive header.
For detailed information, refer to the GitHub Security Advisory GHSA-8rrh-rw8j-w5fx and the wheel 0.46.2 release notes.
Workarounds
- Avoid using wheel unpack on wheel files from untrusted or unknown sources
- Use virtual environments with restricted permissions to limit the impact of potential exploitation
- Implement file system access controls to prevent Python processes from modifying critical system files
- Consider using container isolation for development environments that handle third-party wheel files
# Upgrade wheel to patched version
pip install --upgrade wheel>=0.46.2
# Verify installed version
pip show wheel | grep Version
# Check file permissions on critical files
ls -la /etc/passwd /etc/shadow ~/.ssh/
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
