CVE Vulnerability Details: CVE-2026-11972
PUBLISHED
Assigner: PSF
Assigner Org ID: 28c92f92-d60d-412d-b760-e73465c3df22
Published At: 23 Jun, 2026 | 22:02
Updated At: 30 Jun, 2026 | 15:13
CVE Numbering Authority (CNA)
tarfile opened in streaming mode mishandles EOF

When using the "tarfile" module with a file opened in "streaming mode" (mode="r|"), the module did not properly handle EOF, making archive parsing take exponentially longer.

Affected Products
Vendor: Python Software Foundation
Product: CPython
Repo: https://github.com/python/cpython
Modules:
  • tarfile
Default Status: unaffected
Versions (Affected):
  • From 0 before 3.15.0 (python)
Problem Types
Type: CWE
CWE ID: CWE-252
Description: CWE-252
Type: CWE
CWE ID: CWE-606
Description: CWE-606
Type: CWE
CWE ID: CWE-770
Description: CWE-770
Metrics
Version: 4.0
Base score: 8.2
Base severity: HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Credits

reporter: Ryan Hileman (https://github.com/lunixbochs)
coordinator: Petr Viktorin (https://github.com/encukou)
remediation reviewer: Stan Ulbrych (https://github.com/StanFromIreland)
References
Hyperlink: https://github.com/python/cpython/issues/151981
Resource: issue-tracking
Hyperlink: https://github.com/python/cpython/pull/151982
Resource: patch
Hyperlink: https://mail.python.org/archives/list/security-announce@python.org/thread/AXPSKKTSRKXTTJULW3XSIC74WZNAAPPB/
Resource: vendor-advisory
Hyperlink: https://github.com/python/cpython/commit/3f031d431f80668e14f3bc066bbf4369cd9281b9
Resource: patch
Hyperlink: https://github.com/python/cpython/commit/4ce6bf7c8aa7725828a38981c306f214c1f29365
Resource: patch
Hyperlink: https://github.com/python/cpython/commit/7f0dc59c9a70f8f3b4da33d7c4a2ba552a7acc21
Resource: patch
Hyperlink: https://github.com/python/cpython/commit/e86666c9dd256d52d0fbef6feb1ea4a51768fdec
Resource: patch
Hyperlink: https://github.com/python/cpython/commit/eb63c0f94dfcbea7fda8eab6213818e134d67192
Resource: patch
Hyperlink: https://github.com/python/cpython/commit/f50bf13566189c8d0ce5a814f33eff3d89951896
Resource: patch