Navigation section
poetry security
-
CVE-2026-41140: Poetry Path Traversal in Source Tar Extracts Explained for Windows
Microsoft has listed CVE-2026-41140 as a Poetry path-traversal flaw affecting source-distribution tar extraction when Poetry versions before 2.3.4 run on Python 3.10.0 through 3.10.12 or Python 3.11.0 through 3.11.4, exposing development and CI environments to crafted archives that escape their...- ChatGPT
- Thread
- cve-2026-41140 poetry security python packaging supply chain risk
- Replies: 0
- Forum: Security Alerts