CVE-2026-41140 Overview
CVE-2026-41140 is a path traversal vulnerability in Poetry, a popular dependency manager for Python. The vulnerability exists in the extractall() function within src/poetry/utils/helpers.py (lines 410-426), which extracts sdist tarballs without adequate path traversal protection on specific Python versions where tarfile.data_filter is unavailable. This affects Python versions 3.10.0 through 3.10.12 and 3.11.0 through 3.11.4, which are still supported by Poetry. The vulnerability has been fixed in Poetry version 2.3.4.
Critical Impact
Attackers could exploit this path traversal flaw to write files outside the intended extraction directory when a user installs a malicious Python package distributed as an sdist tarball on a vulnerable Python version.
Affected Products
- Poetry versions prior to 2.3.4
- Python 3.10.0 - 3.10.12 (when used with vulnerable Poetry versions)
- Python 3.11.0 - 3.11.4 (when used with vulnerable Poetry versions)
Discovery Timeline
- 2026-04-24 - CVE-2026-41140 published to NVD
- 2026-04-27 - Last updated in NVD database
Technical Details for CVE-2026-41140
Vulnerability Analysis
This vulnerability is classified as CWE-22 (Path Traversal), which occurs when software uses external input to construct a pathname intended to identify a file or directory located within a restricted parent directory, but fails to properly neutralize special elements that can cause the pathname to resolve outside the restricted directory.
The vulnerable code path in Poetry's extractall() function processes sdist (source distribution) tarballs during package installation. On Python versions that lack the tarfile.data_filter security feature (introduced in Python 3.12 and backported to later 3.10 and 3.11 patch releases), the extraction routine does not validate the file paths of archive members. A specially crafted archive whose member names contain path traversal sequences (such as ../) can therefore write files to arbitrary locations on the filesystem outside the intended extraction directory.
Root Cause
The root cause is the absence of path traversal validation when extracting tarball contents on older Python versions. The tarfile.data_filter function, which provides built-in protection against dangerous archive members, is not available in Python 3.10.0-3.10.12 and 3.11.0-3.11.4. Poetry's extraction code did not implement alternative safeguards for these Python versions, leaving the extraction process vulnerable to malicious archive contents.
Attack Vector
An attacker could exploit this vulnerability by creating a malicious Python package with a specially crafted sdist tarball containing files with path traversal sequences in their names. When a user installs this package using Poetry on an affected Python version, files could be written outside the intended extraction directory. The attack requires network access to distribute the malicious package and user interaction to install it.
The vulnerability manifests in the tarball extraction routine where archive member paths are not sanitized before extraction. A malicious archive could contain entries like ../../../etc/cron.d/malicious that would escape the extraction directory. For technical details, see the GitHub Security Advisory.
Detection Methods for CVE-2026-41140
Indicators of Compromise
- Unexpected files appearing outside of Python virtual environment or package directories after package installation
- Poetry installation logs showing extraction of files with suspicious path components containing ../ sequences
- File system monitoring alerts for writes to sensitive directories during poetry install operations
Detection Strategies
- Monitor Poetry installation processes for file system operations outside expected directories
- Inspect sdist archives with tar -tvf before installation and check the listed member paths for ../ sequences
- Implement file integrity monitoring on critical system directories that should not be modified during Python package installations
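The following is an added example, not Poetry's own code, illustrating both the root cause above (an extraction routine that relies on tarfile.data_filter, which older interpreters lack) and the detection strategy of inspecting archive member paths before installation. The helper names (audit_members, safe_extractall, try_extract) and the "demo" sdists are constructed for the example; the two in-memory tarballs, one clean and one carrying a ../ member, are test data built inline, not real packages. The audit also covers the other member types a path check has to consider (absolute names, symlink and hard-link targets, special files), which goes beyond the ../ case the advisory names.

```python
"""Added example, not Poetry's own code: audit an sdist tarball for
path-traversal members and extract it safely whether or not the
interpreter ships tarfile.data_filter (the gap this advisory describes)."""
import io
import os
import tarfile
import tempfile
from pathlib import Path


def data_filter_available() -> bool:
    """True when tarfile.data_filter exists (3.12+ or a patch release that backports it)."""
    return hasattr(tarfile, "data_filter")


def _resolves_inside(dest: Path, target: str) -> bool:
    """True if dest/target still lies under dest after normalising '.' and '..' parts."""
    if os.path.isabs(target):
        return False
    dest_norm = os.path.normpath(str(dest))
    candidate = os.path.normpath(os.path.join(dest_norm, target))
    return candidate == dest_norm or candidate.startswith(dest_norm + os.sep)


def audit_members(tar: tarfile.TarFile, dest: Path) -> list[str]:
    """Names of members that must not be extracted under dest: absolute names,
    '..' escapes, links whose target escapes dest, and special files.
    This is the manual equivalent of reviewing `tar -tvf` output by eye."""
    unsafe = []
    for member in tar.getmembers():
        name = member.name
        if not _resolves_inside(dest, name):
            unsafe.append(name)
        elif member.issym():
            # a symlink target is relative to the directory holding the link
            link_target = os.path.join(os.path.dirname(name), member.linkname)
            if not _resolves_inside(dest, link_target):
                unsafe.append(name)
        elif member.islnk():
            # a hard link target is relative to the archive root
            if not _resolves_inside(dest, member.linkname):
                unsafe.append(name)
        elif not (member.isfile() or member.isdir()):
            unsafe.append(name)  # devices, FIFOs and other special entries
    return unsafe


def safe_extractall(archive: bytes, dest: Path) -> list[str]:
    """Extract an in-memory tarball into dest, refusing the whole archive if any
    member is unsafe. Uses the 'data' filter where the interpreter has it and
    the manual audit above as the fallback that older interpreters need."""
    dest = Path(dest)
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        unsafe = audit_members(tar, dest)
        if unsafe:
            raise ValueError(f"refusing to extract unsafe members: {unsafe}")
        if data_filter_available():
            tar.extractall(dest, filter="data")
        else:
            tar.extractall(dest)  # every member was validated above
        return [m.name for m in tar.getmembers()]


def build_tar(entries: dict[str, bytes]) -> bytes:
    """Build a gzip tarball in memory from {member_name: content} (constructed test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed sample sdists (hypothetical 'demo' package, not a real upload).
BENIGN_SDIST = build_tar({
    "demo-1.0/pyproject.toml": b"[project]\nname = 'demo'\n",
    "demo-1.0/demo/__init__.py": b"",
})
TRAVERSAL_SDIST = build_tar({
    "demo-1.0/pyproject.toml": b"[project]\nname = 'demo'\n",
    "../escaped.txt": b"would land outside the extraction directory",
})


def audit_archive(archive: bytes, dest: str = "/tmp/poetry-extract") -> list[str]:
    """Unsafe member names of an in-memory tarball for a given extraction root."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        return audit_members(tar, Path(dest))


def try_extract(archive: bytes) -> tuple[list[str], bool]:
    """Extract into a scratch root; returns (extracted names, escaped?) where
    escaped reports whether a file appeared one level above that root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "root"
        root.mkdir()
        try:
            names = safe_extractall(archive, root)
        except ValueError:
            names = []
        escaped = (Path(tmp) / "escaped.txt").exists()
    return names, escaped


if __name__ == "__main__":
    print("tarfile.data_filter available:", data_filter_available())
    print("benign audit:", audit_archive(BENIGN_SDIST))
    print("traversal audit:", audit_archive(TRAVERSAL_SDIST))
    print("benign extract:", try_extract(BENIGN_SDIST))
    print("traversal extract:", try_extract(TRAVERSAL_SDIST))
```

The audit is run over the whole member list before anything is written, so a malicious archive is rejected outright rather than partially extracted; on an interpreter with tarfile.data_filter the built-in filter is still applied as a second layer.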
Monitoring Recommendations
- Enable file system auditing on development and CI/CD systems where Poetry is used
- Review Poetry installation logs for anomalous extraction behavior
- Monitor for newly created files in unexpected locations following package installation operations
How to Mitigate CVE-2026-41140
Immediate Actions Required
- Upgrade Poetry to version 2.3.4 or later, which includes the security fix
- Upgrade Python to version 3.10.13+ or 3.11.5+ where tarfile.data_filter is available
- Audit recently installed packages if running vulnerable Poetry and Python version combinations
Patch Information
Poetry version 2.3.4 addresses this vulnerability by implementing proper path traversal protection for sdist tarball extraction. Users should upgrade to this version or later. Detailed information about the fix is available in the GitHub Security Advisory.
Workarounds
- Upgrade Python to a version that includes tarfile.data_filter (Python 3.10.13+, 3.11.5+, or 3.12+)
- Only install packages from trusted sources while running vulnerable versions
- Consider using wheel packages instead of sdist tarballs where possible, as this vulnerability specifically affects tarball extraction
# Upgrade Poetry to the patched version (quote the specifier so the shell does not treat ">" as a redirect)
pip install --upgrade "poetry>=2.3.4"
# Verify the Poetry version
poetry --version
# Check the Python version and upgrade if needed
python --version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


