CVE-2026-11972

Published: June 26, 2026Last modified: July 3, 2026

Description

When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle EOF, making archive parsing take exponentially longer.

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSpython3Fixed (3.11.15-r5)
25 LTSpython3Fixed (3.12.13-r5)
Streampython3Fixed (3.14.5-r4)
Hardened Containers23 LTSpython3Fixed (3.11.15-r5)
25 LTSpython3Fixed (3.12.13-r5)
Streampython3Fixed (3.14.5-r4)

References

ON THIS PAGE